User Account Control (UAC) in Windows 10

February 23, 2019 at 5:31 pm

User Account Control

This post serves as a supplement to my MD-100 training at CBT Nuggets! Enjoy!

I remember a friend at CBT Nuggets telling me quite boldly – “Windows was ruined for me when UAC hit!”

My guess is, it was probably around the poorly received Windows Vista when my friend formulated this opinion. Suddenly for him, Windows would interrupt his workflow with noise, some visual fanfare, and a question if he was really sure he wanted to do what he was trying to do.

In fairness to Microsoft, other Operating Systems take a similar approach – and this is a key element to truly securing the client.

Regardless of what you think about UAC, this post is meant to ensure that you completely understand it and that you can completely control it! For those of you studying Windows Server 2016 (or later), please understand that this post also applies!

Microsoft’s UAC helps prevent malware from damaging a PC. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. Because of this security context, UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.

UAC allows all users to log on to their computers using a standard user account. Processes launched using a standard user token may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by double-clicking a shortcut) also run with the standard set of user permissions. Many apps, including those that are included with the operating system itself, are designed to work properly in this way.

Other apps, especially those that were not specifically designed with security settings in mind, often require additional permissions to run successfully. These types of apps are referred to as legacy apps. Additionally, actions such as installing new software and making configuration changes to the Windows Firewall, require more permissions than what is available to a standard user account.

When an app needs to run with more than standard user rights, UAC can restore additional user groups to the token. This enables the user to have explicit control of apps that are making system-level changes to their computer or device.

But what about controlling the interruptions of your workflow? Well, the amount of “permissions granting” you must do is configurable with four basic levels. Keep in mind you can also make changes to UAC with various Group Policy settings that exist.

Here are the four levels of control that we should know. To set the level is easy, just search for UAC and click the option to change the UAC settings.

UAC has a slider to select from four levels of notification:

  • Always notify will:
    • Notify you when programs try to install software or make changes to your computer.
    • Notify you when you make changes to Windows settings.
    • Freeze other tasks until you respond.

    Recommended if you often install new software or visit unfamiliar websites.

  • Notify me only when programs try to make changes to my computer will:
    • Notify you when programs try to install software or make changes to your computer.
    • Not notify you when you make changes to Windows settings.
    • Freeze other tasks until you respond.

    Recommended if you do not often install apps or visit unfamiliar websites.

  • Notify me only when programs try to make changes to my computer (do not dim my desktop) will:
    • Notify you when programs try to install software or make changes to your computer.
    • Not notify you when you make changes to Windows settings.
    • Not freeze other tasks until you respond.

    Not recommended. Choose this only if it takes a long time to dim the desktop on your computer.

  • Never notify (Disable UAC prompts) will:
    • Not notify you when programs try to install software or make changes to your computer.
    • Not notify you when you make changes to Windows settings.
    • Not freeze other tasks until you respond.

    Not recommended due to security concerns.

So, it is worth noting, an expert user that knows how to avoid invalid Web sites and bogus applications can never be bothered with UAC alerts and confirimations. But please note, they better be truly expert at avoiding such potential problems!

For more information on the new Windows 10 exams – check out:

Finally! New Windows 10 Exams in Beta!

CBT Nuggets Releasing 70-743 Upgrading Your Skills to MCSA: Windows Server 2016

February 12, 2019 at 10:48 pm


You heard it here first – sections of the 70-743 course from Garth Schulte are already available on CBT Nuggets.

Sections complete as I write this are:

Enjoy the latest Server 2016 training and certification from a trainer and learning organization you can trust.

Garth has also worked hard on providing Hands On Labs to accompany that great training, so you can easily learn while following along with him.

This is training not to be missed!

Microsoft Exchange Server 2016: Mailbox Databases Arrives at CBT Nuggets!

November 11, 2018 at 12:41 pm

Microsoft Exchange

The first of several courses on Microsoft Exchange 2016 have arrived at CBT Nuggets. The first of these courses attacks one of the most important topics in the discipline – the mailboxes and databases that host them.

This course walks you through every step and every key decision point for these important mailbox databases. It even teaches you how to build a lab in Microsoft Azure to practice all of the actions you must take. The lab is scripted for you, so you can set it up in minutes.

You can find this new course here:

This intense course consists of the following Nuggets:

  1. Introducing Exchange 2016
  2. The Mailbox Database Section
  3. Azure Lab: Your Own Lab in the Cloud
  4. Azure Lab: Deploy the Virtual Network
  5. Azure Lab: Deploy the AD Domain Controller
  6. Azure Lab: Create the Exchange VM
  7. Azure Lab: Install Exchange 2016
  8. Azure Lab: Test Exchange 2016
  9. Azure Lab: Stopping and Starting Your VMs
  10. Planning for Mailbox Database Size
  11. Role Requirements Calculator
  12. Mailbox Database Capacity and Placement
  13. Archive Mailbox Capacity and Placement
  14. Public Folders in Exchange 2016
  15. Public Folder Capacity and Placement
  16. Planning the Storage Architecture
  17. Planning File System Requirements
  18. Planning for AutoReseed
  19. Planning for Virtualization Requirements
  20. Validating your Storage Design with Jetstress
  21. Exchange Deployment Assistant
  22. Creating and Configuring Mailbox Databases
  23. Managing Mailbox Databases
  24. Configuring Transaction Log Properties
  25. Planning for HA
  26. Identifying Failure Domains
  27. FSW for a DAG
  28. Azure Lab: Creating Another Mailbox Server
  29. Creating DAGs
  30. Creating Mailbox Database Copies
  31. DAG Networks
  32. Azure DAG Members
  33. Handling Server Maintenance and SLAs
  34. Site Resilient DAGs
  35. Planning the Cross-Site DAG
  36. Cross-Site DAG Quorum Options
  37. Datacenter Activation Coordination (DAC) Mode
  38. Test Site Recovery
  39. Monitoring Mailbox DB Replication and Indexing
  40. Troubleshooting Mailbox DB Replication and Replay
  41. Troubleshooting Mailbox DB Copy Activation
  42. Troubleshooting Mailbox Database Performance
  43. Troubleshooting Database Failures
  44. Resolving Quorum Issues
  45. Planning Backups for RPO and RTO
  46. Recovering Exchange Server and Other Components
  47. Performing a Dial Tone Restore
  48. Deploying and Managing Lagged Mailbox DB Copies Book Giveaway – MCSA 70-410

February 25, 2018 at 1:05 pm


I will be giving away my tech book collection here at the blog throughout the month as a thank you to my readers!

The third giveaway is ready – the top-rated 70-410 text for MCSA (Server 2012 R2).

The first reader THAT TRULY NEEDS this book for their studies to respond using the Contact Anthony link at the top of the blog will receive it. You must meet these conditions:

  • Mailing address in the continental US
  • Provide valid full name and mailing address in the email
  • Be a good person 🙂
  • Have not received a free gift from this site prior to this giveaway

I am so glad I can help you in your studies!

70-742 Additional Notes – On-Prem AD Integration with Azure

December 7, 2017 at 9:44 pm


Want to integrate your on-prem Active Directory with Azure? Azure AD Connect makes this simple. Azure AD Connect is the answer (for now!) The techniques for doing this have changed many times over the years – this document provides the options and comparisons for you:

AD to Azure Integration Options

This connectivity provides the following:

  • Users can use a single identity to access on-premises applications and cloud services such as Office 365
  • Single tool to provide an easy deployment experience for synchronization and sign-in
  • Provides the newest capabilities for your scenarios; Azure AD Connect replaces older versions of identity integration tools such as DirSync and Azure AD Sync; see the link above

Azure AD Connect consists of the following three components:

  • Synchronization – this component is responsible for creating users, groups, and other objects; it is also responsible for making sure identity information for your on-premises users and groups is matching the cloud
  • AD FS – federation is an optional part of Azure AD Connect and can be used to configure a hybrid environment using an on-premises AD FS infrastructure; this can be used by organizations to address complex deployments, such as domain join SSO, enforcement of AD sign-in policy, and smart card or 3rd party MFA
  • Health Monitoring – Azure AD Connect Health can provide robust monitoring and provide a central location in the Azure portal to view this activity

Before installing this feature, you need to go through these hardware and software requirements carefully in order to ensure success. Note that there is an Express Setup option and this is only going to work if you have met all of these prerequisites. Note also that AD Federation Services in your on-prem is not necessarily a requirement.

Installation Requirements

Finally, here is a link to the Express Settings step-by-step:

Express Settings