Highlighted
Absent Member.
Absent Member.
1019 views

Bypassing UAC When Deploying Bundles in Windows 10

I'm hoping to get some advice in relation to launching a ZENworks bundle which runs a .exe from a remote server share on a Windows 10 client device that has UAC enabled.

We are using the HP SSM tool to deploy drivers and firmware to all our laptops and desktops. UAC was not enabled in our Windows 7 SOE so we never had any issue's running the HP SSM.exe silently as the 'Run As Logged In User' account that initiates the SSM.exe from a mapped drive on a remote server, (Our domain users are a member of the 'Local Administrators' group).

Now with Windows 10 we have had to enable UAC and this is now initiating a UAC prompt every time the SSM bundle is launched. I realise that there are options to launch applications as a 'Scheduled Task' in Windows 10 and you can 'Run With Highest Privileges'.

Just wondering what my options are to bypass the UAC prompt? I could run using the 'Secure System User' account; however this account would not have access to the mapped drive where .exe is located.

Any ideas would be much appreciated, many thanks.
Labels (2)
0 Likes
2 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Re: Bypassing UAC When Deploying Bundles in Windows 10

Jim2462;2486558 wrote:
I'm hoping to get some advice in relation to launching a ZENworks bundle which runs a .exe from a remote server share on a Windows 10 client device that has UAC enabled.

We are using the HP SSM tool to deploy drivers and firmware to all our laptops and desktops. UAC was not enabled in our Windows 7 SOE so we never had any issue's running the HP SSM.exe silently as the 'Run As Logged In User' account that initiates the SSM.exe from a mapped drive on a remote server, (Our domain users are a member of the 'Local Administrators' group).

Now with Windows 10 we have had to enable UAC and this is now initiating a UAC prompt every time the SSM bundle is launched. I realise that there are options to launch applications as a 'Scheduled Task' in Windows 10 and you can 'Run With Highest Privileges'.

Just wondering what my options are to bypass the UAC prompt? I could run using the 'Secure System User' account; however this account would not have access to the mapped drive where .exe is located.

Any ideas would be much appreciated, many thanks.


Have you tried "Run as dynamic administrator" with "Select credential for network access"?
Another way would be to "copy directory" action from remote server to the local workstation, then from there lauch it as system user and after that delete the local directory?

Thomas
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Bypassing UAC When Deploying Bundles in Windows 10

Dynamic Administrator would do this as well as System.
The Credential Vault would require UNC vs Mapped Drives.
And as Thomas Pointed out if UNC would not be possible, use a Copy Action run as user to copy locally and then install and then remove....

Also since it sounds as if your users are local administrators...you could set this key....
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000000

That will cause the Prompt to be skipped for local admins.....
Mind you...I would never consider having my users logon as local admins nor ever disable UAC or UAC prompting....just too dangerous....
I would go with an idea above...
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.