Windows UAC Status service
The Windows UAC Status service monitors if the UAC is enabled on the target machine.
For more information, see www.microsoft.com.
Manufacturer Information
| Service Type | AMP |
| PowerShell cmdlet | Get-ItemProperty-Path |
| Supported Systems/Application | Windows Workstation Vista or later. |
N-able N-central Information
| Known Limitations | Only Windows workstation Vista or later. |
| Max. Instances Per Device | 1 |
| Supported Device Class | Workstation - Windows Laptop - Windows |
| Notification Profile | N/A |
| Monitored By | Local Agent |
Troubleshooting
| Issue | Corrective Action |
| UAC Enabled is False | Check UAC settings on windows. |
Metrics
| WMI Class | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ |
There are three keys in this registry that need to be configured to properly enable UAC:
- ConsentPromptBehaviorAdmin
- ConsentPromptBehaviorUser
- EnableLUA
They can be configured with a number of values, as shown in the table below.
The UAC setting is typically set using a slider bar on the UAC Settings dialog box, accessible through the Control Panel. On certain operating system platforms, moving this setting to its lowest level
(Never Notify), disables UAC. Any other value enables UAC.
On other operating system platforms (usually those with higher security requirements – such as servers and enterprise editions), UAC cannot be disabled through the UAC dialog. That is, even when the UAC setting is at its lowest level, UAC may still be enabled.
Regardless of which environment the operating system platform is in, the Is UAC Enabled AM object checks the value of the UAC setting based on the value of the slider bar, and reports it as disabled if the setting is set to its minimum value; any other value will report UAC as enabled.
Set the value for these keys as follows:
- ConsentPromptBehaviorAdmin = 1
- ConsentPromptBehaviorUser = 1
- EnableLUA = 1
Setting any of the values to 0 will disable UAC, regardless of the value of the EnableLUA key.
| Key | Value | Description |
|---|---|---|
ConsentPromptBehaviorAdmin (Defines the User Account Control behaviour for system administrators.) | 0 | Allows an administrator to perform operations that require elevated privileges without consent (prompts) or authentication (credentials). |
| 1 | Requires the administrator to enter a username and password when operations require elevated privileges on a secure device. | |
| 2 | Displays the UAC prompt that needs to be permitted or denied on a secure device. No authentication is required. | |
| 3 | Prompts for credentials to access the device. | |
| 4 | Displays the UAC prompt for consent to access the device. | |
| 5 | The default value. Prompts for consent for non-Windows binaries. | |
ConsentPromptBehaviorUser (Defines the User Account Control behaviour for standard users.) | 0 | Automatically denies any operation that requires elevated privileges if attempted by a standard user. |
| 1 | Displays a prompt to enter the username and password of an administrator to run the operation with elevated privileges on the secure desktop. | |
| 3 | The default value. Prompts for credentials on a secure desktop. | |
| EnableLUA | 0 | Disables UAC. |
| 1 | Enables UAC. |
| WMI Property | Supported Values | Calculations/ Threshold Mapping | Default Thresholds |
| UAC Enabled | True False | N/A | On |