Bypassing UAC When Deploying Bundles in Windows 10

I'm hoping to get some advice in relation to launching a ZENworks bundle which runs a .exe from a remote server share on a Windows 10 client device that has UAC enabled.

We are using the HP SSM tool to deploy drivers and firmware to all our laptops and desktops. UAC was not enabled in our Windows 7 SOE so we never had any issue's running the HP SSM.exe silently as the 'Run As Logged In User' account that initiates the SSM.exe from a mapped drive on a remote server, (Our domain users are a member of the 'Local Administrators' group).

Now with Windows 10 we have had to enable UAC and this is now initiating a UAC prompt every time the SSM bundle is launched. I realise that there are options to launch applications as a 'Scheduled Task' in Windows 10 and you can 'Run With Highest Privileges'.

Just wondering what my options are to bypass the UAC prompt? I could run using the 'Secure System User' account; however this account would not have access to the mapped drive where .exe is located.

Any ideas would be much appreciated, many thanks.

Tags:

  • Jim2462;2486558 wrote:
    I'm hoping to get some advice in relation to launching a ZENworks bundle which runs a .exe from a remote server share on a Windows 10 client device that has UAC enabled.

    We are using the HP SSM tool to deploy drivers and firmware to all our laptops and desktops. UAC was not enabled in our Windows 7 SOE so we never had any issue's running the HP SSM.exe silently as the 'Run As Logged In User' account that initiates the SSM.exe from a mapped drive on a remote server, (Our domain users are a member of the 'Local Administrators' group).

    Now with Windows 10 we have had to enable UAC and this is now initiating a UAC prompt every time the SSM bundle is launched. I realise that there are options to launch applications as a 'Scheduled Task' in Windows 10 and you can 'Run With Highest Privileges'.

    Just wondering what my options are to bypass the UAC prompt? I could run using the 'Secure System User' account; however this account would not have access to the mapped drive where .exe is located.

    Any ideas would be much appreciated, many thanks.


    Have you tried "Run as dynamic administrator" with "Select credential for network access"?
    Another way would be to "copy directory" action from remote server to the local workstation, then from there lauch it as system user and after that delete the local directory?

    Thomas
  • Dynamic Administrator would do this as well as System.
    The Credential Vault would require UNC vs Mapped Drives.
    And as Thomas Pointed out if UNC would not be possible, use a Copy Action run as user to copy locally and then install and then remove....

    Also since it sounds as if your users are local administrators...you could set this key....
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=dword:00000000

    That will cause the Prompt to be skipped for local admins.....
    Mind you...I would never consider having my users logon as local admins nor ever disable UAC or UAC prompting....just too dangerous....
    I would go with an idea above...