User installed software bypassing UAC

Federico Coppola 1,181 Reputation points
2021-02-01T16:31:53.413+00:00

Hi all,
I noted today a very strange event on a company laptop.

This laptop is joined to Active Directory domain and the user has got User level privileges at domain level.
I have NOT "forced" permission user level on laptop from Control Panel.

He downloaded a software and he installed it without asking me nothing (I am system administrator of the company).
He said me that pressed "NO Button" when UAC Administrator Account appeared and he could install software without issue.

I noted that software that the user dowloaded does not have "UAC shield" on the installer executable.

Is it normal that user can bypass UAC?

I hope to be clear.

Best regards

Federico

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,818 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,780 questions
{count} votes

Accepted answer
  1. Charlie 81 Reputation points
    2021-02-11T00:46:12.197+00:00

    Flux is a portable app, it does not install into the program files but instead stays inside the user's profile. This means that there is technically, no installation and as such means that people can open and run this application without administrator approval.

    You can restrict this with AppLocker whitelisting to prevent apps that you do not authorise.

    0 comments No comments

7 additional answers

Sort by: Most helpful
  1. Fan Fan 15,306 Reputation points Microsoft Vendor
    2021-02-02T00:10:53.493+00:00

    Hi,
    Thanks for sharing here!
    Would you please tell what privileges did the user have at domain level?
    Is it for the specific user or all the users?
    How was the UAC configured at the domain level group policy or the local group policy.
    I would suggest you run a gpresult /h report.html and check the result.

    Best Regards,

    0 comments No comments

  2. Federico Coppola 1,181 Reputation points
    2021-02-02T23:30:18.027+00:00

    Dear @Fan Fan

    User is a Domain User at Domain Level.
    It is the same level for all users.

    UAC is enabled, I recently disable Secure Desktop.

    Thanks


  3. Federico Coppola 1,181 Reputation points
    2021-02-03T18:44:40.017+00:00

    Hi @Fan Fan ,

    I noted that software installed by user has not have UAC Shield near icon.

    63604-capture.png

    Tomorrow I will share you "gpresult /h report.html" output.

    Ps Picture is generated by my laptop.

    0 comments No comments

  4. Federico Coppola 1,181 Reputation points
    2021-02-05T21:46:21.94+00:00

    Hi @Fan Fan

    This is GPO output:

    64693-image.png

    gpresult /h report.html showed just user policy.