New
#1
UAC Admin Account Control
Afternoon all,
Looking to see if anyone has any information about local admin control while on a domain.
Basically we'd like to give our laptop users the ability to use UAC with a local administrative account, but we want to ensure that users (or anyone for that matter) do not have the ability to log into that local admin account.
Basically an Admin account with all the permissions it needs to uplift the standard user's permissions, that has no profile to log into.
We've come into situations where we've been giving a local admin account to travelers with their laptops, only to find on their return that they've created their own local admin accounts (with their temporary travel account) to circumvent UAC when they are back in the office. Which of course is completely unacceptable.
Is it possible to create the local account, log into it, then log off, log into another Admin account, and give the new local account "no permissions" to any of its user folders? What are the side effects of doing that?