Introduction Windows 7 offers many benefits and the deployment of Windows 7 has been covered in detail on many other posts and sessions. One aspect that has not been touched on quite as much is that of managing the Software Delivery aspect of Windows 7 with Notification Server 6.x. Although many of us have plans to go to Notification Server 7.x, it may be a while and we cannot necessarily put off our migrations or pilots of Windows 7. This article will hopefully point folks in the right direction as I have done quite a bit of testing and found these settings to work reliably. That being said, not every environment is the same so what may work for me may not work for you. Environment:
User Account Control: Admin Approval Mode for the built-in Administrator account
FilterAdministratorToken
Disabled
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
EnableUIADesktopToggle
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
ConsentPromptBehaviorAdmin
Prompt for consent on the secure desktop
User Account Control: Behavior of the elevation prompt for standard users
ConsentPromptBehaviorUser
Prompt for credentials on the secure desktop
User Account Control: Detect application installations and prompt for elevation
EnableInstallerDetection
Disabled (default for enterprise)
User Account Control: Only elevate executables that are signed and validated
ValidateAdminCodeSignatures
User Account Control: Only elevate UIAccess applications that are installed in secure locations
EnableSecureUIAPaths
Enabled
User Account Control: Run all administrators in Admin Approval Mode
EnableLUA
User Account Control: Switch to the secure desktop when prompting for elevation
PromptOnSecureDesktop
User Account Control: Virtualize file and registry write failures to per-user locations
EnableVirtualization