Jump to content

How do I configure an app to bypass UAC if I've disabled a user account's task scheduler privileges?

Keystone Nyan Cat
Go to solution Solved by Tabs,

If you disable new task creation, task deletion but leave "prevent task run or end" at default, you can manually create the task yourself, as administrator, knowing that users can't change, add, or delete any. 

 

Wouldn't that solve your problem? Is there some method of bypassing the GPO for modifying/creating/deleting tasks that warrants the extra lockdown implemented by preventing tasks from running or ending? Remember that this will also prevent things like chrome from updating since it uses a scheduled task for it.

I have a computer which many people use through the day and can run applications; one of which being Steam. I don't want users installing their own 3rd party software outside of Steam, but want Steam to be able to update itself and it's games. To the end of disabling the installation of 3rd party software, that's handled by the account being a user; which requires the administrator's password to install anything. To disable most forms of UAC bypass through task scheduler- I've enabled the following parameters under a computer's group policy for Task Scheduler the following settings-

  • Prevent Task Run or End              
  • Prohibit New task Creation         
  • Prohibit Task deletion
  • Prohibit Drag-and-Drop

 

This prevents me from configuring certain apps from being able to bypass UAC on the user account through this method here. Does anyone know any way I can configure certain apps from running in an elevated state on a user group within Windows 10?

 

Edit- put in other words- I want to isolate a particular application from the UAC (allow it to bypass UAC an run in an elevated state) in a user account on Windows 10 without using Task Scheduler.

PC in Profile

Link to comment
Share on other sites

Link to post
Share on other sites

If you disable new task creation, task deletion but leave "prevent task run or end" at default, you can manually create the task yourself, as administrator, knowing that users can't change, add, or delete any. 

 

Wouldn't that solve your problem? Is there some method of bypassing the GPO for modifying/creating/deleting tasks that warrants the extra lockdown implemented by preventing tasks from running or ending? Remember that this will also prevent things like chrome from updating since it uses a scheduled task for it.

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×