UAC Override

When users attempt to start restricted applications they will receive a User Account Control (UAC) prompt for credentials. You can use Application Control Solution to create custom messages requiring users to provide a reason why they need administrator rights, which will override UAC prompts.

You can create these custom messages to end with the following results:

• Capture the reason and close the application (go to Self-Elevation Without Adding Administrator Rights)
• Capture the reason and automatically allow administrator rights (go to Self-Elevation)
• Capture the reason and go through an approval process with the help desk (go to Request Elevation)
   

Override the UAC

To create customer messages that will override the UAC, do the following steps:

1. In the Security Manager Console, click the Policies tab.
2. In the file library in the left pane, navigate to Policies > Arellia Solutions > Application Control > Filters > Dynamic Filters > Environmental Variables.
3. Right-click Environment Variables and click New > Environment Filter.
4. Give the filter a name, such as "UAC Detected."
5. Set the Environment Variable Name to __APPINFO_RUNADMIN.
6. Set the Value to 1.
7. Set the Match Type to Partial.
   
8. Click Save.
9. In the file library in the left pane, navigate to Policies > Arellia Solutions > Application Control > Actions > Environment Variables.
10. Right-click Environmental Variables and click New > Set Environment Variable Action.
11. Give the action a name, such as Clear UAC dialog.
12. Set the Environmental Variable name to __APPINFO_RUNADMIN and empty value.
    
13. Click Save (this action prevents the UAC prompt from showing).
14. In the file library in the left pane, navigate to Policies > Arellia Solutions > Application Control > Policies.
15. Right-click Policies and click New > Blank Application Control Policy.

16. Under the Applications to Control tab, for Applications select UAC detected (the new filter you created in step 2).

    Note

    You can also change the filter to override the UAC prompt for only certain applications or users.

    
    

17. Under Conditions (optional), Exclude any, select the Administrators filter to stop child processes (which inherit elevation) from triggering this policy.
18. Click the Application Actions tab and select the Application action to the Clear UAC dialog action you created in step 6.
19. Also set the action to include one of the following:
    1. Add Administrator Rights, and Justify Application Elevation Dialog (will behave like Self-Elevation).
    2. Add Administrator Rights, and Justify Application Elevation (kill process) Dialog (will behave like Self-Elevation Without Adding Administrator Rights).
    3. Add Administrator Rights, and Approval Request Form Action (will behave like Request Elevation).
    
20. Save the policy and update the policies on an endpoint.
21. Test the policy by right-clicking Command Prompt and clicking Run as administrator.
    
22. Instead of the UAC, the custom message will appear.
    
    
    
    
23. The recorded response will then be sent to the Arellia Management Server where it can be reviewed by the help desk team.