[Solved] Windows 10 (1703) - Task Manager UAC



  • I noticed that in Windows 10, opening task manager while logged in as a standard user, displays the UAC login prompt. I see other people have had this behavior in prior versions, but am wondering why the hell this happens.

    I haven't tried it yet, but posts show that a user can enter in their creds to open it. If that is the case, what is the point of displaying the prompt to begin with. In Windows 7, it would open the task manager and certain features would prompt to elevate to admin only if you chose them.

    Is this the new normal?



  • @wrx7m I think that happen if you have UAC settings higher than default. A regular user may be able to pass cred check for some settings like task manager, but not Perf Monitor, which requires admin. Or you done messed up a GPO.



  • @momurda said in Windows 10 (1703) - Task Manager UAC:

    @wrx7m I think that happen if you have UAC settings higher than default. A regular user may be able to pass cred check for some settings like task manager, but not Perf Monitor, which requires admin. Or you done messed up a GPO.

    Hmm... I will have to check. I have different GPOs for desktops and laptops. I noticed it today, when helping a new user.



  • Laptop is working fine under the user. Now I have to go through my pre-windows 10 domain-wide GPO for the desktops to try and narrow it down.



  • Cut half the settings out of a copy of the GPO, but still haven't found it. I will have to narrow it down tomorrow. I'm going cross-eyed.



  • I think the UAC prompt pops up so that malware/bots/virii/spyware etc can't automatically run things that they shouldn't have access to. The prompt pops up and whatever has triggered it is running is stuck until somehow creds are entered.

    I don't think it is always a user 'level of access thing' if you get what I mean.

    I could be totally wrong??????????????



  • I finally found the GPO setting that caused this issue-

    Computer Configuration>Policies>Windows Settings>Security Settings>Local Policies>User Rights Assignment

    Load and unload device drivers - Enabled with Everyone and NT Authority\Authenticated Users listed.

    I had to change it to Not configured.

    0_1528315769936_2b6b6a24-bede-47d1-bd4d-3df40eb2c368-image.png