Solved: ISE 2.4 - Disabling UAC prompt on Windows

jmanzell@cisco.com · ‎01-08-2020

Hello team. The ISE 2.4 release notes mention a posturing enhancement for disabling the User Access Control prompt on Windows endpoint. Do we have any additional info around this feature, as I'm not finding anything in the admin guide. Will this feature disable UAC prompts when initially installing AnyConnect on windows endpoints, or does it take affect for future changes, after AC has already been installed?

Greg Gibbs · ‎01-08-2020

The feature was added in AC 4.6:

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect46/release/notes/b_Release_Notes_AnyConnect_4_6.html#reference_iwz_3kr_ycb

View solution in original post

Greg Gibbs · ‎01-08-2020

Hi John,

This feature is more around suppressing the UAC prompt when AC needs to perform remediation activities like patch management, firewall changes, etc.

When enabled, the UAC prompts will be suppressed for operations performed by AC that would otherwise trigger the prompt for the user. This does not disable UAC system-wide.

Cheers,

Greg

jmanzell@cisco.com · ‎01-08-2020

Thank you Greg. Do you know if there is a minimum version of AnyConnect needed to support this feature? I don't see this documented.

Greg Gibbs · ‎01-08-2020

The feature was added in AC 4.6:

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect46/release/notes/b_Release_Notes_AnyConnect_4_6.html#reference_iwz_3kr_ycb

JimmyB22 · ‎04-09-2024

My company is seeing UAC prompts as well after we upgraded to 4.10.7 . We have since chose to upgradto secure client 5 but that has not provided relief. We have the ise config set to disable UAC , however the posture module is still triggering UAC prompts. We notice that vpndownloader.exe is the triggering executable. Anyone have any experience suppressing these UAC prompts?