Hi @Immer
You may need to create a new security group , and apply the GPO to get the policy.
Policy to configure:
Computer Configuration > Policies > Windows Settings > Security Setting > Local Policies/Security Options >User Account > Control > Policy Setting
User Account Control: Admin Approval Mode for the Built-in Administrator account Enabled
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop Enabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent
User Account Control: Behavior of the elevation prompt for standard users Prompt for credentials
User Account Control: Detect application installations and prompt for elevation Enabled
User Account Control: Only elevate executables that are signed and validated Disabled
User Account Control: Only elevate UIAccess applications that are installed in secure locations Disabled
User Account Control: Run all administrators in Admin Approval Mode Enabled
User Account Control: Switch to the secure desktop when prompting for elevation Disabled
User Account Control: Virtualize file and registry write failures to per-user locations Enabled
Reference article:
What is UAC & How to configure it in your Domain?
Hope this helps!
----------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Best Regards
Karlie