The table lists the default for each of the policy settings, and the following sections explain the different UAC "All hookup sites-available default programs control" settings and provide recommendations.
For more information about each of the Group Policy settings, see the Group Policy description. For information about the registry key settings, see Registry key settings. The User Account Control: Admin Approval Mode for the built-in Administrator account policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.
Allow UIAccess applications to prompt for elevation without using the secure desktop policy setting controls whether User Interface Accessibility UIAccess or UIA programs can automatically disable the secure desktop for elevation prompts used by a standard user.
UIA programs are designed to interact with Windows and application programs on behalf of a user.
This policy setting allows UIA programs to bypass the secure desktop to increase usability in certain cases; however, allowing elevation requests to appear on the interactive desktop instead of the secure desktop can increase your security risk. UIA programs must be digitally signed because they must be able to respond to prompts regarding security issues, such as the UAC elevation prompt. By default, UIA programs are run only from the following protected paths:.
Only elevate UIAccess applications that are installed in
All hookup sites-available default programs control locations policy setting disables the requirement to be run from a protected path. While this policy setting applies to any UIA program, it is primarily used in certain remote assistance scenarios, including the Windows Remote Assistance program in Windows 7.