For Policy Compliance and FDCC scans, UAC must be turned off on target hosts running Vista, Windows 7, Windows 2008 and Windows 2008 R2.
Two methods for turning off UAC on Vista, Windows 7, Windows 2008 and Windows 2008 R2 hosts are described below.
This method for turning Off UAC is appropriate when you are using a domain account with Group Policy settings.
Use the Group Policy Editor to edit the Group Policy where the hosts are located.
Group Policy changes may have an adverse affect on your network operations, depending on your network configuration and security policies in place. Note that detailed descriptions for many Group Policy settings listed below are available online when using the Group Policy Editor.
Follow these steps:
1. In the Group Policy Editor window, browse to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
2. Scroll down to find the User Access Control policies (in the right pane). You need to configure the following settings:
Setting |
Value |
User Account Control: Admin Approval Mode for the Built-in Administrator account |
Disabled |
User Account Control: Detect application installations and prompt for elevation |
Disabled |
User Account Control: Run all administrators in Admin Approval Mode |
Disabled |
3. Reboot your target hosts.
This method for turning Off UAC is appropriate for non-domain local scanning.
Follow these steps:
1. Open the Control Panel.
2. Click the link titled "Add or remove user accounts".
3. Click on one of the user accounts.
4. Under the user account, click the link titled "Go to the main User Accounts Page".
5. On the "Make changes to your user account" page, click the link titled "Change security settings".
6. On the page titled "Turn on User Account Control (UAC) to make your computer more secure", de-select (clear) the check box "Use User Account Control (UAC) to help protect your computer". Then click OK.
7. When prompted, reboot your computer.