المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : ويندوز سيرفر Window Server تحكم وصول المستخدم Set UAC level using Group Policy



Rise Company
25-05-2019, 15:56
ويندوز سيرفر Window Server تحكم وصول المستخدم Set UAC level using Group Policy
Turn On Admin Approval Mode in Windows "Administration Prompt"
Configure UAC settings via policy -Enable UAC via GPO
Admin Approval Mode

https://www.rise.company/upload/uploads/155880003904671.png

هذه الخاصية هامة جدا للـ users الموجودين على الدومين حيث هناك الكثير من الاشياء المحظورة عليهم

والـ admins بيحتاجوا فى بعض الاحيان صلاحيات لبعض اعمالهم على جهاز هذا user

فيكون وظيفة UAC هى بدل اعطاء رسالة Denied تطلب صلاحية الادمن

To combat the privilege problem of previous operating systems, the software giant gave only the administrator account full, unrestricted access to all aspects of the PC. An account with administrative privileges technically operates as a standard user account until an action requiring administrative permission is needed. At that time, the account temporarily enters Admin Approval Mode and reenters standard user mode after the action is complete.


Enable User Account Control Using Group Policy

We will create a group policy and define the settings to enable the UAC.
First open the Server Manager Console and click on Tools. Now click Group Policy Management from the drop down. Right click on the domain and click on Create a GPO in this domain and link it here. Provide a suitable name to the GPO and right click the policy and click on Edit.


https://www.rise.company/forum/images/imported/2019/05/38.jpg


In the GPMC editor click on Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options. On the right pane there are lot of settings that you see, so you need to modify the following policies.
1) User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode = Right click policy setting, click Properties. Check the box Define this policy setting and choose Elevate .
2) User Account Control: Detect application installations and prompt for elevation = Right click policy setting, click Properties. Check the box Define this policy setting and choose enable.
3) User Account Control: Run all administrators in Admin Approval Mode = Right click policy setting, click Properties. Check the box Define this policy setting and choose enable.


https://www.rise.company/forum/images/imported/2019/05/39.jpg

Run gpupdate /force on Windows client machine. The logged on users might see a notification that a restart is required to turn on user account control. After the restart of the client machine you will see that UAC is set to always notify on the client machine.

المرجع:
https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works
https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account