LocalAccountTokenFilterPolicy

Disable UAC Remote Restrictions if we are scanning using our appliance.

When a user who is a member of the local administrators group on the target remote computer (the Cyber Tec Security Scanning Administrator) establishes a remote administrative connection, for example by using the net use * \\remotecomputer\Share$ command, they will not connect as a full administrator.

The user has no elevation potential on the remote computer, and the user cannot perform administrative tasks. If the user wants to administer the workstation with a Security Account Manager (SAM) account, the user must interactively log on to the computer that is to be administered with Remote Assistance or Remote Desktop, if these services are available.

You can:

  • Manually edit the registry
    • Add the LocalAccountTokenFilterPolicy DWORD value and set it to 1

Registry Commands

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v LocalAccountTokenFilterPolicy /t Reg_DWORD /d 1

PowerShell Script

#Disable Remote UAC for scanning
Write-Host "Setting LocalAccountTokenFilterPolicy"
$path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
# The value does not exist by default, so suppress the "property not found" error
$val = Get-ItemProperty -Path $path -Name "LocalAccountTokenFilterPolicy" -ErrorAction SilentlyContinue
if ($val.LocalAccountTokenFilterPolicy -ne 1)
{
    # Create or update the value as a DWORD set to 1
    Set-ItemProperty -Path $path -Name "LocalAccountTokenFilterPolicy" -Value 1 -Type DWord
    Write-Host "Changes Complete"
}
else
{
    Write-Host "No change required"
}
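
To check the current state on a target and put the restriction back once scanning is finished, the following added example (not part of the original page; the function names Get-RemoteUacState and Restore-RemoteUac are hypothetical) reads the value, reports whether UAC remote restrictions are in effect, and sets the value back to 0, which Windows treats the same as the value being absent. It assumes an elevated PowerShell session on the target.

```powershell
# Added example: audit and roll back LocalAccountTokenFilterPolicy.
# Function names are hypothetical; run from an elevated PowerShell session.
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'LocalAccountTokenFilterPolicy'

function Get-RemoteUacState {
    # Read the value; it is absent on a default installation.
    $item = Get-ItemProperty -Path $PolicyPath -Name $PolicyName -ErrorAction SilentlyContinue
    $raw = $null
    if ($null -ne $item) { $raw = $item.$PolicyName }

    # 1 = local admin accounts receive a full token over the network.
    # 0 or absent = they receive a filtered token (UAC remote restrictions on).
    $state = 'Enabled (filtered token for remote local-account logons)'
    if ($raw -eq 1) { $state = 'Disabled (full token for remote local-account logons)' }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        Value              = $raw
        RemoteRestrictions = $state
    }
}

function Restore-RemoteUac {
    # Set the value back to 0 so remote local-account logons are filtered again.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if ((Get-RemoteUacState).Value -eq 1) {
        if ($PSCmdlet.ShouldProcess($PolicyName, 'Set to 0')) {
            Set-ItemProperty -Path $PolicyPath -Name $PolicyName -Value 0 -Type DWord
        }
    }
    # Return the state after the change so it can be logged.
    Get-RemoteUacState
}

# Before scanning: record the current state.
Get-RemoteUacState | Format-List

# After scanning: preview the rollback with -WhatIf, then run it for real.
# Restore-RemoteUac -WhatIf
# Restore-RemoteUac | Format-List
```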

FIREWALL RULES

See our Firewall Setup Here