Using Application Control Solution you can override UAC prompts for end-users. You can create custom messages that require users to submit a reason for requesting administrator rights, which replace UAC prompts for credentials.
You can create three types of custom messages: (For details on how to create this custom message, go to
- Self-Elevation Without Adding Administrator Rights will capture the reason and close the application. (For details on how to create this custom message, go to [READY] Self-Elevation Without Adding Administrator Rights.)
- Self-Elevation will capture the reason and allow end users to automatically have administrator rights. (For details on how to create this custom message, go to [READY] Self-Elevation.)
- Request Elevation will capture the reason and go through an approval process with the help desk. (For details on how to create this custom message, go to [READY] Request Elevation.)
Overriding UAC prompts is a -step process:
- Create an Environment Variable Filter.
- Create an Environment Variable Action. this action is used to prevent the UAC prompt from showing
- Create a Blank Application Control Policy.
To create an Environment Variable Filter, do the following steps:
- In the Security Manager Console, click the Policies tab.
- In the file library in the left pane, navigate to Policies > Arellia Solutions > Application Control > Filters > Dynamic Filters > EnvironmentalVariables.
- Right-click Environment Variables and click New > Environment Filter.
- In the Create Item dialog, enter a Name and Description.
- Set the variable Name to __APPINFO_RUNADMIN and set the Value of 1.
- In the Match Type menu choose Partial.
- Click Save.
To create an Environment Variable Action, do the following steps:
- In the file library in the left pane, navigate to Policies > Arellia Solutions > Application Control > Actions > Environment Variables.
- Right-click Environmental Variables and click New > Set Environment Variable Action.
- In the Create Item dialog, enter a Name and Description.
- Set the Environmental Variable Name to __APPINFO_RUNADMIN.
- Leave the Value field empty.
- Click Save.
Next, create a Blank Application Control Policy by doing the following steps:
- In the file library in the left pane, navigate to navigate to Policies > Arellia Solutions > Application Control > Policies.
- Right-click Policies and click New > Blank Application Control Policy.
- In the Create Item dialog, enter a Name and Description.
- In the right pane under the Applications to Control, click the Applications link and choose the new Environment Variable Filter. (Optionally you can change this so only certain applications or certain users will see the overridden UAC prompt.)
- Under Conditions (optional), click the Exclude any and add the Administrators filter to stop child processes (which inherit elevation) from triggering this policy.
- Click the Application Actions tab.
- To the right of Applications, select Application action set the action to the Clear UAC dialog action from step 6.
- Also set the action to include one of the following:
- Add Administrator Rights, and Justify Application Elevation Dialog (will behave like [READY] Self-Elevation)
- Add Administrator Rights, and Justify Application Elevation (kill process) Dialog (will behave like [READY] Self-Elevation Without Adding Administrator Rights)
- Add Administrator Rights, and Approval Request Form Action (will behave like [READY] Request Elevation)
- Save the policy and update the policies on an endpoint. Test the policy by right-clicking Command Prompt and selecting Run as administrator
- Instead of seeing UAC, you should see the custom message
- The recorded response will then be sent to the Arellia Management Server where it can be reviewed by the help desk team.