The Computer Oracle

How to deny elevation to a program?

Full question
https://superuser.com/questions/396757/h...

--

Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...

--

Tags
#windowsvista #uac #privileges #elevation

ACCEPTED ANSWER

Score 4


A possible solution is to use two policies in concert:

  1. Configure the already mentioned ConsentPromptBehaviorUser group policy setting to Automatically deny elevation requests. As stated in the question, this will affect all programs that run.

  2. Next ENABLE the User Account Control: Only elevate executables that are signed and validated policy setting. (From Microsoft) This setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.

  3. Sign any trusted programs with your organization's key and publish it to the Trusted Publishers certificate store on all computers in your organization. More info.
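The three steps above can be audited on a machine with the following PowerShell, which is an added example and not part of the original answer. It reads the two policy values from the registry key that backs these group policy settings (`ValidateAdminCodeSignatures` is the registry value behind the "Only elevate executables that are signed and validated" policy), and checks whether a program's Authenticode signer is present in the local Trusted Publishers store; the function names and the sample path are hypothetical.

```powershell
# Added example. Run from an elevated PowerShell session.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Wanted = @{
    ConsentPromptBehaviorUser   = 0  # step 1: automatically deny elevation requests
    ValidateAdminCodeSignatures = 1  # step 2: only elevate signed and validated executables
}

# Report each policy value next to the value the answer calls for.
function Get-UacPolicyState {
    $current = Get-ItemProperty -Path $PolicyKey
    foreach ($name in $Wanted.Keys) {
        New-Object psobject -Property @{
            Setting = $name
            Current = $current.$name          # $null when the value is not set
            Wanted  = $Wanted[$name]
            Matches = ($current.$name -eq $Wanted[$name])
        }
    }
}

# Write the two values locally (domain group policy will overwrite local edits).
function Set-UacPolicyState {
    foreach ($name in $Wanted.Keys) {
        Set-ItemProperty -Path $PolicyKey -Name $name -Value $Wanted[$name] -Type DWord
    }
}

# Step 3 check: is the file validly signed, and is its signer a trusted publisher?
function Test-ElevationCandidate {
    param([Parameter(Mandatory = $true)][string[]]$Path)
    $trusted = Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
        Select-Object -ExpandProperty Thumbprint
    foreach ($file in $Path) {
        $sig   = Get-AuthenticodeSignature -FilePath $file
        $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        New-Object psobject -Property @{
            File               = $file
            SignatureStatus    = $sig.Status   # 'Valid', 'NotSigned', 'HashMismatch', ...
            SignerThumbprint   = $thumb
            InTrustedPublisher = [bool]($thumb -and ($trusted -contains $thumb))
        }
    }
}

# Usage (the path is a placeholder for one of your signed programs):
# Get-UacPolicyState | Format-Table Setting, Current, Wanted, Matches
# Test-ElevationCandidate -Path 'C:\Tools\TrustedApp.exe'
```

A program that reports `SignatureStatus` other than `Valid`, or `InTrustedPublisher` as `False`, has not completed step 3 on that machine.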