Windows UAC Status service

The Windows UAC Status service monitors if the UAC is enabled on the target machine.

For more information, see www.microsoft.com.

Manufacturer Information

Service Type AMP
PowerShell cmdlet Get-ItemProperty-Path
Supported Systems/Application Windows Workstation Vista or later.

N-able N-central Information

Known Limitations Only Windows workstation Vista or later.
Max. Instances Per Device 1
Supported Device Class Workstation - Windows
Laptop - Windows
Notification Profile N/A
Monitored By Local Agent

Troubleshooting

Issue Corrective Action
UAC Enabled is False Check UAC settings on windows.

Metrics

WMI Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

There are three keys in this registry that need to be configured to properly enable UAC:

  • ConsentPromptBehaviorAdmin
  • ConsentPromptBehaviorUser
  • EnableLUA

They can be configured with a number of values, as shown in the table below.

The UAC setting is typically set using a slider bar on the UAC Settings dialog box, accessible through the Control Panel. On certain operating system platforms, moving this setting to its lowest level (Never Notify), disables UAC. Any other value enables UAC.

On other operating system platforms (usually those with higher security requirements – such as servers and enterprise editions), UAC cannot be disabled through the UAC dialog. That is, even when the UAC setting is at its lowest level, UAC may still be enabled.

Regardless of which environment the operating system platform is in, the Is UAC Enabled AM object checks the value of the UAC setting based on the value of the slider bar, and reports it as disabled if the setting is set to its minimum value; any other value will report UAC as enabled.

Potential to disable UAC!

Set the value for these keys as follows:

  • ConsentPromptBehaviorAdmin = 1
  • ConsentPromptBehaviorUser = 1
  • EnableLUA = 1

Setting any of the values to 0 will disable UAC, regardless of the value of the EnableLUA key.

Key Value Description

ConsentPromptBehaviorAdmin

(Defines the User Account Control behaviour for system administrators.)

0 Allows an administrator to perform operations that require elevated privileges without consent (prompts) or authentication (credentials).
1 Requires the administrator to enter a username and password when operations require elevated privileges on a secure device.
2 Displays the UAC prompt that needs to be permitted or denied on a secure device. No authentication is required.
3 Prompts for credentials to access the device.
4 Displays the UAC prompt for consent to access the device.
5 The default value. Prompts for consent for non-Windows binaries.

ConsentPromptBehaviorUser

(Defines the User Account Control behaviour for standard users.)

0 Automatically denies any operation that requires elevated privileges if attempted by a standard user.
1 Displays a prompt to enter the username and password of an administrator to run the operation with elevated privileges on the secure desktop.
3 The default value. Prompts for credentials on a secure desktop.
EnableLUA 0 Disables UAC.
1 Enables UAC.

 

WMI Property Supported Values Calculations/
Threshold Mapping
Default Thresholds
UAC Enabled True
False
N/A On