ويندوز سيرفر Window Server تحكم وصول المستخدم Set UAC level using Group Policy
Turn On Admin Approval Mode in Windows "Administration Prompt"
Configure UAC settings via policy -Enable UAC via GPO
Admin Approval Mode
https://www.rise.company/upload/uplo...0003904671.png
هذه الخاصية هامة جدا للـ users الموجودين على الدومين حيث هناك الكثير من الاشياء المحظورة عليهم
والـ admins بيحتاجوا فى بعض الاحيان صلاحيات لبعض اعمالهم على جهاز هذا user
فيكون وظيفة UAC هى بدل اعطاء رسالة Denied تطلب صلاحية الادمن
To combat the privilege problem of previous operating systems, the software giant gave only the administrator account full, unrestricted access to all aspects of the PC. An account with administrative privileges technically operates as a standard user account until an action requiring administrative permission is needed. At that time, the account temporarily enters Admin Approval Mode and reenters standard user mode after the action is complete.
Enable User Account Control Using Group Policy
We will create a group policy and define the settings to enable the UAC.
First open the
Server Manager Console and click on
Tools. Now click
Group Policy Management from the drop down. Right click on the domain and click on
Create a GPO in this domain and link it here. Provide a suitable name to the GPO and right click the policy and click on
Edit.
https://www.rise.company/forum/image...2019/05/38.jpg
In the GPMC editor click on
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options. On the right pane there are lot of settings that you see, so you need to modify the following policies.
1) User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode = Right click policy setting, click
Properties. Check the box
Define this policy setting and choose
Elevate .
2) User Account Control: Detect application installations and prompt for elevation = Right click policy setting, click
Properties. Check the box
Define this policy setting and choose
enable.
3) User Account Control: Run all administrators in Admin Approval Mode = Right click policy setting, click
Properties. Check the box
Define this policy setting and choose
enable.
https://www.rise.company/forum/image...2019/05/39.jpg
Run
gpupdate /force on Windows client machine. The logged on users might see a notification that a restart is required to turn on user account control. After the restart of the client machine you will see that UAC is set to
always notify on the client machine.
المرجع:
https://docs.microsoft.com/en-us/win...-control-works
https://docs.microsoft.com/en-us/win...olicy-settings
https://docs.microsoft.com/en-us/win...trator-account