Disable UAC secure desktop using OMA-URI and configuration policy

Djordje Novakovic 311 Reputation points
2021-11-04T16:08:56.043+00:00

Hello,

we deploy autopilot machines with standard users(not local adminsitrators), Intune only and everything is in Azure AD.
When user has to install something UAC secure desktop prompts for credentials. I would like to disable secure desktop and then user will be able to do copy/paste of local admin password.

I am trying to disable secure desktop in UAC using custom configuration profile with these settings:

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
Data type: Integer
Value: 3

https://www.petervanderwoude.nl/post/managing-user-account-control-settings-via-windows-10-mdm/

146595-uac.jpg

Configuration profile is applied successfully but this still does not work:

Is there anything else that I should configure?

Thanks

146566-uac1.jpg

Microsoft Security | Intune | Enrollment
Microsoft Security | Intune | Other
0 comments No comments
{count} votes

Accepted answer
  1. Djordje Novakovic 311 Reputation points
    2021-11-04T23:10:00.04+00:00

    Thank you for your quick response. I tried that profile, it is deployed successfully but I still get secure desktop when trying Run as Administrator:

    146701-uac2k.png

    Information for target host:

    146588-uac21kjj.png

    Checked MDM Diagnostic Report, it has value 3:

    146692-uac21k.png

    However, if I change setting to "Automatically deny elevation requests"(just to check other options) and run sync it works after few moments:

    146665-uac21kffdsfsdjj.png


1 additional answer

Sort by: Most helpful
  1. Nick Hogarth 3,521 Reputation points Volunteer Moderator
    2021-11-04T21:11:24.19+00:00

    Have you looked at the built-in settings in the Settings Catalog under Local Policies Security Options?
    146655-2021-11-05-8-09-50.png


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.