Skip to content

Group Policy Settings for UAC

Unfortunately there is no single Group Policy Setting to choose the UAC Level. We wanted to specify the Level of the UAC Slider with GP, it turns out that you need to define all of the settings below to ensure that the UAC Slider is set.

The details of each level are below.

GP Location: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options
(All the settings below begin with “User Account Control:”)

UAC LEVEL 1

Never notify me when:
Programs try to install software or make changes to my computer.
I make changes to Windows settings.

Admin Approval Mode for the Built-in Administrator account = Disabled
Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled
Behavior of the elevation prompt for administrators in Admin Approval Mode = Elevate without prompting
Behavior of the elevation prompt for standard users = Prompt for credentials
Detect application installations and prompt for elevation = Enabled
Only elevate executables that are signed and validated = Disabled
Only elevate UIAccess applications that are installed in secure locations = Enabled
Run all administrators in Admin Approval Mode = Disabled
Switch to the secure desktop when prompting for elevation = Disabled
Virtualize file and registry write failures to per-user locations = Enabled
———————————————
UAC LEVEL 2

Notify me only when programs try to make changes to my computer (do not dim my desktop)
Don’t notify me when I make changes to Windows settings

Admin Approval Mode for the Built-in Administrator account = Disabled
Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled
Behavior of the elevation prompt for administrators in Admin Approval Mode = Prompt for consent for non-Windows binaries
Behavior of the elevation prompt for standard users = Prompt for credentials
Detect application installations and prompt for elevation = Enabled
Only elevate executables that are signed and validated = Disabled
Only elevate UIAccess applications that are installed in secure locations = Enabled
Run all administrators in Admin Approval Mode = Enabled
Switch to the secure desktop when prompting for elevation = Disabled
Virtualize file and registry write failures to per-user locations = Enabled
——————————————-
UAC LEVEL 3

Default – Notify me only when programs try to make changes to my computer.
Don’t notify me when I make changes to Windows Settings

Admin Approval Mode for the Built-in Administrator account = Disabled
Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled
Behavior of the elevation prompt for administrators in Admin Approval Mode = Prompt for consent for non-Windows binaries
Behavior of the elevation prompt for standard users = Prompt for credentials
Detect application installations and prompt for elevation = Enabled
Only elevate executables that are signed and validated = Disabled
Only elevate UIAccess applications that are installed in secure locations = Enabled
Run all administrators in Admin Approval Mode = Enabled
Switch to the secure desktop when prompting for elevation = Enabled
Virtualize file and registry write failures to per-user locations = Enabled
————————————————
UAC LEVEL 4

Always notify me when:
Programs try to install software or make changes to my computer
I make changes to Windows settings

Admin Approval Mode for the Built-in Administrator account = Disabled
Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled
Behavior of the elevation prompt for administrators in Admin Approval Mode = Prompt for consent on the secure desktop
Behavior of the elevation prompt for standard users = Prompt for credentials
Detect application installations and prompt for elevation = Enabled
Only elevate executables that are signed and validated = Disabled
Only elevate UIAccess applications that are installed in secure locations = Enabled
Run all administrators in Admin Approval Mode = Enabled
Switch to the secure desktop when prompting for elevation = Enabled
Virtualize file and registry write failures to per-user locations = Enabled

Back To Top