This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 45%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDN%3C/text%3E%3C/svg%3E)
Hello,
we deploy autopilot machines with standard users(not local adminsitrators), Intune only and everything is in Azure AD.
When user has to install something UAC secure desktop prompts for credentials. I would like to disable secure desktop and then user will be able to do copy/paste of local admin password.
I am trying to disable secure desktop in UAC using custom configuration profile with these settings:
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
Data type: Integer
Value: 3
https://www.petervanderwoude.nl/post/managing-user-account-control-settings-via-windows-10-mdm/
Configuration profile is applied successfully but this still does not work:
Is there anything else that I should configure?
Thanks
Thank you for your quick response. I tried that profile, it is deployed successfully but I still get secure desktop when trying Run as Administrator:
Information for target host:
Checked MDM Diagnostic Report, it has value 3:
However, if I change setting to "Automatically deny elevation requests"(just to check other options) and run sync it works after few moments:
Hi,
Thanks for your reply.
The registry key corresponding to this policy is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser. Is the value of this key 3?
Best regards,
Simon
Hello,
yes, it is 3. Finally, I found it, also requires the second value to be 0 :
This can be achieved using the additional setting:
or via OMA-URIs:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
Thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 66%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
Have you looked at the built-in settings in the Settings Catalog under Local Policies Security Options?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 16%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
@Nick Hogarth I too have this similar question. I tried your method with the "User Account Control Behavior Of the The Elevation Prompt For Standard Users" which was set to "Prompt for credentials" but this still did not work.