question

Andy-7143 avatar image
0 Votes"
Andy-7143 asked AllenLiu-MSFT commented

Bypass UAC via MECM/SCCM

Client Version Windows 10 2004
MECM version 2107
I am using Compliance Settings to uninstall apps on clients everything runs smoothly except UAC (if clients with admin rights no problem at all).
Is there any method we can bypass UAC via PowerShell or settings?
I know we can using GPO but it's not controlled by us
Thank you in advance




































windows-server-powershellwindows-10-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered AllenLiu-MSFT commented

Hi, @Andy-7143
Thank you for posting in Microsoft Q&A forum.

We may try to uninstall software using WMI, here is a great example to uninstall Java by compliance setting, you may refer to it to see if it helps:
https://blog.ctglobalservices.com/powershell/mas/uninstall-java-or-other-software-with-configmgr-compliance-baselines/
(Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.)

Don't check the option "Run scripts by using the logged on user credentials".


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you for your suggestion but the app is installed for per user instead of local machine(i.e OneDrive) we can't use Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -match "OneDrive"} to find it at all. If I create script as app or package to deploy it when I choose user's right it works but popup UAC or choose administrative right it doesn't work because in administrator's path there is no OneDrive installed( As I mentioned the app installed for per user instead of local machine)

0 Votes 0 ·

We may try to disable UAC via below command line:
%windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

https://www.itdroplets.com/disable-uac-via-command-line/
(Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.)

0 Votes 0 ·

Thank you for your help but if we change LUA we must reboot it. I found the way to achieve my goal

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

ConsentPromptBehaviorUser DWORD

0 = Automatically deny elevation requests
1 = Prompt for credentials on the secure desktop
3 = Prompt for credentials (default)

https://www.tenforums.com/tutorials/112634-change-uac-prompt-behavior-standard-users-windows.html

I changed default value 3 to 0 (Needn't reboot)

0 Votes 0 ·
Show more comments