As with so many settings on a Windows computer you can control what
happens via Group Policies. Since we are talking about Server 2012, our
first decision is whether to call for the Group Policy Management Console
(GPMC),
or the Local Group Policy Editor, the choice depends on whether the server
is part of domain.
At the Metro UI type:
Secpol.msc, or In Server Manager, click Tools menu Security
policy settings.
Remember UAC is a Computer Configuration.
Head for Windows Settings
Security Settings
Local Policies
Security Options.
Now if you scroll down to the bottom there are several policies to disable the UAC.
To turn off the 'Continue ..' dialog box select this setting: User
Account Control: Behaviour of the elevation prompt, 'Elevate without
prompting'.
Elevate without prompting: Allows privileged accounts to perform an
operation that requires elevation without requiring consent
or credentials. Note: Use this option only in the most constrained
environments.
Observe in the screenshot above how all the other settings controlling the
behavior of the elevation prompt for administrators in Admin Approval Mode,
require credentials or prompt for consent. See more about configuring
User Account
Control: Behaviour of the elevation prompt
Guy Recommends 3 Free Active Directory Tools
SolarWinds have produced three Active Directory add-ons. These free utilities
have been approved by Microsoft, and will help to manage your domain by:
Seeking and zapping unwanted user accounts.
Finding inactive computers.
Bulk-importing new users. Give this AD utility a try, it's
free!
Guy Recommends: A Free Trial of the Network Performance Monitor
(NPM)
SolarWinds'
Network Performance Monitor
will help you discover what's happening on your network. This
utility will also guide you through troubleshooting; the dashboard will
indicate whether the root cause is a broken link, faulty equipment or
resource overload.
Perhaps the NPM's best feature is the way it suggests solutions to network
problems. Its second best feature is the ability to monitor the health of individual VMware
virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you
give this Network Performance Monitor a try.
An Example of User Account Control (UAC)
in Windows Server 2012
Let us consider this situation, you needed to install a driver, Windows Server 2012 presents you with a dialog box. After reading the UAC menu, you click: 'Continue' and thus receive elevated rights for the
duration of the task. The key concept is you don't have to logoff and logon as an administrator. Instead Windows Server 2012 just switches tokens, performs the named task, and then returns you to normal user
status.
As an example of UAC in action, let us assume that you wish to check the new System Restore settings. You launch the System Icon, (Windows Key and Pause / Break) then you click on 'System Protection' and
up pops a Windows Security box - even if you are the Administrator. To gain the elevated rights needed to complete your mission, just click the 'Continue' button. See screen shot below.
A good habit to cultivate is always to check that the program specified in the central band, is the program you intended; in this case, 'Change
Computer Settings'. Beware that if you
are connected to the internet, then sites may have rogue programs that mimic this menu and trick you into installing Spyware.
The first point to realize is that by default even the administrator needs
elevated privileges to make certain changes to the operating system. The
good news is that you can avoid this nagging dialog box provided you are willing to take the risk
that a rogue program, or more likely, an unintentional action could cripple your Windows
server.
As a security measure the operating system temporarily blocks any
executable that seeks to make a change that requires an administrator's
approval. Each time this happens you can either click the 'Continue' button
in the dialog box, or else modify the policy to disable the Windows
Server 2012 UAC.
The benefit of using the
Windows Server 2012s User Account Control (UAC) is that it enables you to run applications such as
Excel, but in the context of an ordinary user. Then when you need to
perform Administrative tasks such as installing a driver,
UAC prompts you the necessary rights, all you need to do is click on 'Continue' and
you have the permission to complete that one task.
Evolution of Windows Server
2012 User Account Control
Microsoft has not changed the UAC much from Server 2008 to Server 2012. There
seems less debate on the merits of UAC this time around.
Administrators seem polarized between those who turn it off, and those who
accept the dialog box. Microsoft has helped by allowing more tasks to
complete without the need for elevated privileges, thus less intrusion of
the dialog box, and as a result less complaints from administrators.
For example: we can adjust the mouse or amend the Power Settings without the
UAC appearing.
In Beta versions of
Windows Server 2008, UAC was called UAP (User Account Protection). More than just a
change of acronym, this indicated that UAC is part of a larger security
area, which Microsoft are rapidly evolving.
User Account Control is a development of least-privilege user access, or LUA. My view is that User Account Control has grown out of the 'Run
as..' feature of Windows Server 2003 or the 'Switch User' feature of XP.
There are programs such as Regedit where you need to right-click and
'Run as administrator'. PowerShell or cmd would be other programs
where certain tasks result in an error message such as:
'The requested operation requires elevation'.
The answer to avoiding this message is to think ahead and 'Run as
administrator. Even better, find the 'Advanced Box', and tick the box
so that you always receive elevated administrative privileges.
The problem is the User Account Control dialog box interrupts the flow of
configuring a setting. The solution of editing the group policy is a little more tricky on
Server 2012 in a domain, than Windows 8 client in a workgroup.
If you like this page then please share it with your friends
Guy Recommends:
SolarWinds' NPM - Network Performance Monitor
SolarWinds' performance monitor is designed for detecting network outages,
making it easy to see what's working, and what needs your attention.
This utility guides you through creating network maps; it also helps
identifying whether the
root cause is faulty equipment, or resource overload. Give NPM a try.
