UAC and Remote Desktop Services


User Account Control (UAC) can be a pain sometimes, but it serves a purpose and should only be disabled when it is safe to do so. Is it safe to disable UAC on servers? If only authorized administrators are allowed to interactively log on to the server, either via the console or over a Remote Desktop session, it may be safe to disable UAC on the server to make administration a bit easier. But if these administrators sometimes perform non-admin tasks on the server, such as checking their email or browsing the Web, then you should leave UAC enabled on the server.

What if you have a server that has the Remote Desktop Services role installed? If the server functions as a Remote Desktop Session Host (RD Session Host) so that end users can log on to session-based desktops running on the server, you should leave UAC enabled on the server. That's because end-users are usually not administrators, so you want to leave UAC enabled for them.

Mitch Tulloch is a seven-time recipient of the Microsoft Most Valuable Professional (MVP) award and widely recognized expert on Windows administration, deployment and virtualization. For more tips by Mitch you can follow him on Twitter or friend him on Facebook.

2 thoughts on “UAC and Remote Desktop Services”

  1. UAC breaks application publishing in many cases, because the UAC often does not show up on the remote client, or is hiding behind the application. If MS could control UACs behavior so it did not interfere with the operation of the applications it might be a different story. Time to enter the real world Mitch.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top