Owner's Manual

Microsoft Windows Server 2008 User Account Control
UAC prompts users in the Domain Administrators group (except the
Administrator account) to click Continue, if they need to elevate privileges, or
to click Cancel when performing functions that may entail a security risk. With
UAC, users have to upgrade to an Administrator account before running DUPs.
NOTE: Since the user experience is configurable with the Security Policy Manager
snap-in (secpol.msc) and with Group Policy, there are multiple UAC user
experiences. The configuration choices made in your environment will affect the
prompts and dialogs seen by standard users, administrators, or both. UAC can be
disabled by disabling the User Account Control: Run Administrators in Admin
Approval Mode setting; the change requires a system reboot.
If a DUP is run in GUI mode, the Windows Server 2008 operating system
requires the user to permit the operation. If a DUP is run in unattended
mode, the user can bypass the popup window for permission by performing
any of the following actions:
- Change the group security policy, User Account Control: Behavior of the
  elevation prompt for administrators in Admin Approval Mode, to No Prompt
  to disable the popup or elevate privileges without prompting for the
  Administrators group.
- Disable UAC.
- Use scripts to run the DUP and impersonate yourself as a local
  administrator at runtime.
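The first two options above weaken UAC for every administrator on the server, so it is worth confirming what state a machine is in before and after an unattended update. The PowerShell below is an added example, not part of the original manual; it assumes the standard registry values that back these two policies (EnableLUA and ConsentPromptBehaviorAdmin), and the function name Get-UacState is hypothetical.

```powershell
# Added example (not from the manual): report whether the UAC settings
# described above have been relaxed on this server.
# Assumption: the policies are stored in the standard registry values below.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacState {
    param([string]$Path = $UacKey)

    $p = Get-ItemProperty -Path $Path -ErrorAction Stop

    # EnableLUA backs the Admin Approval Mode setting: 1 = UAC on, 0 = UAC off.
    $lua = $p.EnableLUA
    # ConsentPromptBehaviorAdmin backs "Behavior of the elevation prompt for
    # administrators in Admin Approval Mode": 0 = elevate without prompting.
    $consent = $p.ConsentPromptBehaviorAdmin

    $findings = @()
    if ($null -eq $lua)     { $findings += 'EnableLUA is not set; check effective policy.' }
    elseif ($lua -eq 0)     { $findings += 'UAC is disabled (EnableLUA = 0).' }
    if ($null -ne $consent -and $consent -eq 0) {
        $findings += 'Administrators elevate without a prompt (ConsentPromptBehaviorAdmin = 0).'
    }

    [pscustomobject]@{
        ComputerName               = $env:COMPUTERNAME
        EnableLUA                  = $lua
        ConsentPromptBehaviorAdmin = $consent
        Weakened                   = ($findings.Count -gt 0)
        Findings                   = $findings
    }
}

$state = Get-UacState
$state | Format-List
if ($state.Weakened) {
    # Non-zero exit lets a scheduled task or deployment job flag the server.
    Write-Warning 'UAC is relaxed on this server; restore the baseline once updates are complete.'
    exit 1
}
```

Run it from a scheduled task or after the update window so that a server left with UAC relaxed is reported rather than forgotten.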
UAC Restrictions When Running DUPs Remotely
By default, after UAC starts up, all Administrator Account users log in as
Standard Users. Thus, rights to access critical system resources are not
available until the user confirms the privilege elevation request. This restriction
disables the option to remotely deploy DUPs. UAC returns an Access Denied
error if the management node agent runs with these login credentials.
You can bypass the UAC restrictions by:
- Enabling remote agent use of the Local System Account to perform a DUP
  update. The Local System Account is not protected by UAC
  (recommended option).
- Using the Local Administrator Account on each remote machine where
  the DUP is running.