Always reject UAC prompt for a specific program

Question

In Windows 10 (Enterprise, version 2004, build 19041), is it possible to always reject UAC elevation prompts for a specific application executable?

This is for a legacy pre-installed internal application that attempts to gain admin privileges, but can function normally even when the elevation request is rejected.

Until the user interacts with the UAC prompt, the application does not launch. When the application exits, it brings up the UAC prompt again.

Observing this behavior, I would like to deny any and all elevation attempts for this specific executable.

Note that this is a different question than the multitude of posts regarding always allowing an application.

score 1 · Answer 1 · answered Jul 01 '20 at 19:27

The solution appears to be using the compatibility shim to force the application to RunAsInvoker

Create a Registry Entry under "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers"
Key: Full path to application executable
Value: RunAsInvoker

Always reject UAC prompt for a specific program

1 Answers1