I’ve already talked about how to eliminate UAC for a stand alone Vista machine, now I am going to show you how to set a domain Group Policy to eliminate UAC for all of your Vista workstations. My original post is here. I apologize for the delay in getting this posted, but there were a few pre-requisites that I had to complete first. Mainly, we had to address the schema extensions in a Server 2003 or SBS 2003 domain. You need these schema extensions so the Group Policies know how to manage Vista. Please review, and follow, my schema extension entry here, before you proceed. I am working off of the assumption that your schema is already extended. If you don’t have the Server 2008 or at least Vista extensions, the rest of this discussion will not work for you. “No soup for you”, says the soup Nazi <smirk>.
If you’ve reviewed my other two blogs you’ve probably heard enough of my cautions, but here goes one more. I expect that if you are going to follow these instructions that you have the appropriate skill set, or you are testing these in a lab environment first. Please do not just put this into production without testing. You’ll not only be hurting yourself, but you’ll also make it harder to provide direction like this in the future. If you need more detail, ping me, but I’ve intentionally assumed a level of skill in my readers. I’ve only provided two screen shots, if you don’t know how to fill in the blanks, then I’d like you to understand a bit more about Group Policies before you proceed. We have some very good documentation on Group Policies, please take a read before you proceed.
Let’s get to it! If you checked out and followed along with both of my prior blogs, the UAC for a Vista workstation and the schema extension discussion, then all you need to do now is ensure that you have the remote server administration tools (RSAT) installed on your Vista desktop. My schema extension discussion covered the RSAT so you should be set.
Let’s fire up the mmc, and then add the Group Policy Management snap-in. Choose your Group Policy Objects and then create a new policy.
Edit the new policy and navigate down to \User Configuration\Policies\Control Panel\Printers and then disable Point and Print Restrictions. If you’ve looked at my original posting, this diagram should look pretty similar.
The nice thing about Group Policies is that there is very little difference between machine policies and Domain Policies, it’s just what object you start at :)… Once the policy is configured, then you just need to link it to an object. To apply it to your whole Domain, right click on your Domain (in the Group Policy Management console) and choose Link an Existing GPO… and then choose the new GPO you just created. Once your machines re-load their group policies, you shouldn’t be bothered by UAC again.
Like I warned you, this one was pretty short, most of the information you need is in my two prior postings I referenced earlier. This entry is just connecting the final dots.
I hope this helps, and I’d love to hear your feedback.
Until next time!