Can WMIC be used to set UAC level?

Question

I'd like to use a WMIC command in my SCCM 2012 Task Sequence to set UAC to the correct level. Can this be done? If not, what would be my best option during W7x64 deployment?

Answer 1

You can't set the UAC level via wmic.

There are a bunch of registry values that control the UAC level that can be manipulated:

• FilterAdministratorToken
• ConsentPromptBehaviorAdmin
• ConsentPromptBehaviorUser
• EnableInstallerDetection
• ValidateAdminCodeSignatures
• EnableLUA
• PromptOnSecureDesktop
• EnableVirtualization

Check this documentation out: https://msdn.microsoft.com/en-us/library/cc232771.aspx

Answer 2

I experimented with the answer by Fallen Vagrant by setting UAC to the default and to the lowest (0) setting. Here is what changes (looks like two registry settings to me):

                        Default UAC=0   
FilterAdministratorToken    1   1   Is Admin automatically in admin mode
ConsentPromptBehaviorAdmin  5   0   When to prompt - 5 modes just like UAC settings
ConsentPromptBehaviorUser   3   3   Do std users have chance to supply credentials or are they summarily nuked
EnableInstallerDetection    1   1   Should OS detect that installation will require privilege
ValidateAdminCodeSignatures 0   0   Should interactive packages that require privilege have their crypto signatures verified, 1 means yes
EnableLUA                   1   0   0 gets rid of the admin approval mode
PromptOnSecureDesktop       1   0   Do UAC prompts happen on secure desktop or interactive desktop

It looks like setting EnableLUA to 0 causes most things to open in admin mode. Setting ConsentPromptBehaviorAdmin to 0 causes programs that are already configured to open as admin to open without prompting.

Another setting worth noting: HKEY_CURRENT_USER\Console ForceV2.

ForceV2 = 0 is the same as setting 'Use legacy console' on the Options tab of a shortcut. This is required if you use 16-bit programs and NTVDM.