What event does GPU raise in event log when it turns UAC On on Windows server 2019?

Zhivko Gospodinov 1 Reputation point
2021-01-07T08:51:42.613+00:00

I work on a Win2019 server and there's a group policy which is being applied daily. It turns on my User account control prompt, which I'd like to avoid.
The policy name is:
"User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode"
I'd like to have a scheduled job which scans the EventLog for an entry and runs a PS script to disable the UAC prompt, however I can't find the Event ID logged when the GPU updates the UAC policy for prompting on elevation.
Does someone know the Event ID?
Thank you in advance!


1 answer

  1. Fan Fan 15,336 Reputation points Microsoft Vendor
    2021-01-08T01:58:11.677+00:00

    Hi,

    To disable the policy "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode", we just need to edit the GPO which defines the policy, by running this command as administrator: `gpresult /h report.html`.

    Then, in this GPO, navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options. In the right pane, find the policy: User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode. Right-click the policy setting and click Properties. Check the box Define this policy setting and choose Elevate without prompting.

    For the events, we need to enable the audit policy:
    The policy of interest is found at: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy

    Audit Privilege Use will give you information about elevated usage using the UAC consent.exe dialog box in the System Event log. The Event IDs created by this: 4648 and 4624.

    Audit Process Tracking will give you information about processes and their creation/termination. Event ID created by this: 4688.

    Also, look at event ID 4696 to see when a new token (user-logon handle) was assigned to a process. Using all these events, you can get a clear picture of the timeline for every process that requested elevated rights with the UAC dialog.
    Normally, the audit policy is used for troubleshooting. There is no need for it to be enabled all the time.

    Best Regards,
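
The following PowerShell is an added example, not part of the original answer or of any Microsoft tooling: it reads the four event IDs named above from the Security log, where Windows writes audit events, and orders them into a timeline that marks `consent.exe` process creations. The 24-hour look-back window and the output column names are assumptions.

```powershell
# Added example: timeline of the audit events named in the answer above.
# Run in an elevated PowerShell session; reading the Security log requires it.
$ids   = 4624, 4648, 4688, 4696
$since = (Get-Date).AddHours(-24)      # assumed look-back window

# TokenElevationType codes as they appear in event 4688
$elevation = @{
    '%%1936' = 'Full token (no UAC split)'
    '%%1937' = 'Elevated token'
    '%%1938' = 'Limited token'
}

$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = $ids; StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning 'No matching events. Check that the audit policy is enabled.'
    return
}

$timeline = foreach ($e in $events) {
    # Flatten the named <Data> fields of the event into a hashtable
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }
    # 4688 names the created process in NewProcessName; the others use ProcessName
    $process = if ($e.Id -eq 4688) { $data['NewProcessName'] } else { $data['ProcessName'] }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        EventId   = $e.Id
        User      = $data['SubjectUserName']
        Process   = $process
        Elevation = $elevation[[string]$data['TokenElevationType']]
        IsConsent = [bool]($process -like '*\consent.exe')
    }
}

$timeline | Sort-Object Time | Format-Table -AutoSize
```

The `Elevation` column is populated only for event 4688, the one event in this set that carries a `TokenElevationType` field.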
