Who disabled UAC, and when?

Forums › Microsoft Windows › Who disabled UAC, and when?

Paul1977

5171 posts

Uber Geek
+1 received by user: 2192

#198719 20-Jul-2016 09:21

I have a 2008 R2 Remote Desktop Server. When I logged in this morning, I was presented the little notification flag "Windows must be restarted to disable UAC".

We have limited users with admin rights.

I suspect it was one of our software vendors who were logged in looking at our database last night, and emailed that they had trouble connecting to their own FTP server from our server "even attempting to run IE / Windows Explorer as Administrator". I suspect that after it didn't work when running in admin mode they tried disabling UAC, then gave up after it requested a reboot.

I have queried them about this but haven't had a response yet, but if they deny it I'd like to be able to prove if it was them. Making this kind of system wide security change without permission is totally unacceptable.

I haven't been able to find anything, but does Windows log when someone changes UAC settings?

Thanks

Home: Work:
Home Work

old3eyes

9158 posts

Uber Geek
+1 received by user: 1364

Subscriber

#1595466 20-Jul-2016 09:22

First thing on my own PCs that I disable is UAC. I notice on one of my Win10 PCs every time there is a preview update UAC gets turned back on again..

Regards,

Old3eyes

MikeAqua

8024 posts

Uber Geek
+1 received by user: 3817

#1595488 20-Jul-2016 10:15

Yep I have W10 and W8.1 both re activate UAC when there is an update.

PITA

Mike

timbosan

2199 posts

Uber Geek
+1 received by user: 294

Subscriber

#1595490 20-Jul-2016 10:19

Won't it just be in the event log?

ubergeeknz

3344 posts

Uber Geek
+1 received by user: 1041

Trusted

Vocus

#1595491 20-Jul-2016 10:29

Should be in one of the event logs, maybe Security

Inphinity

2780 posts

Uber Geek
+1 received by user: 1184

#1595493 20-Jul-2016 10:33

I may be wrong, but from memory I don't think auditing of this is enabled by default.

Paul1977

5171 posts

Uber Geek
+1 received by user: 2192

#1595619 20-Jul-2016 13:34

Can't see it in any of the logs, but is difficult to be sure when it is a fairly large time window I am searching and don't know what code I am looking for to filter it by :(

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

geekiegeek

2513 posts

Uber Geek
+1 received by user: 625
Inactive user

#1595657 20-Jul-2016 14:35

old3eyes:

First thing on my own PCs that I disable is UAC. I notice on one of my Win10 PCs every time there is a preview update UAC gets turned back on again..

Why? Can't say I experience any issues with it on.

MikeAqua

8024 posts

Uber Geek
+1 received by user: 3817

#1595677 20-Jul-2016 15:21

geekiegeek:

old3eyes:

First thing on my own PCs that I disable is UAC. I notice on one of my Win10 PCs every time there is a preview update UAC gets turned back on again..

Why? Can't say I experience any issues with it on.

In W8/10 UAC prevents some apps from launching. PITA

Mike

old3eyes

9158 posts

Uber Geek
+1 received by user: 1364

Subscriber

#1595704 20-Jul-2016 16:02

geekiegeek:

old3eyes:

First thing on my own PCs that I disable is UAC. I notice on one of my Win10 PCs every time there is a preview update UAC gets turned back on again..

Why? Can't say I experience any issues with it on.

Why would i want to click "yes" just for the most basic task in a lab environment??

Regards,

Old3eyes

Aaroona

3204 posts

Uber Geek
+1 received by user: 169

#1601274 30-Jul-2016 11:34

old3eyes:

geekiegeek:

old3eyes:

First thing on my own PCs that I disable is UAC. I notice on one of my Win10 PCs every time there is a preview update UAC gets turned back on again..

Why? Can't say I experience any issues with it on.

Why would i want to click "yes" just for the most basic task in a lab environment??

We have UAC on for absolutely everything at work, so the last thing I need is to be nagged at home too.

I've had no issues with having UAC turned off for years at home, so I'll continue to do so. It's a cool feature, but frustrating at the same time - as a lot of security features are.. functional but a bit inconvenient.