It’s recommended never to disable UAC/User Access Control (there are many instructions to disable it for piracy programs downloaded from the internet, and unfortunately in Mongolia almost all computers even in enterprises have disabled UAC in windows)
The main reason to have enabled UAC is ability for the sysadmin to run installation and system configuration commands without re-login during remote or interactive sessions on asked help workstation. According to the best industrial practices you need to exclude any end user from workstation Local Administrators (depriving rights to install non-authorized programs and change/damage system configurations). If you disabled UAC then there is no more pop-up window asking your administrator credentials to elevate permissions to run installation programs, to run admin configuration tools on end user workstation. You will be blamed and cursed by users with multiple opened Excel docs and other programs when you demand them to close everything and logoff just to install small program, run quick admin command to fix problem and so on (without UAC you need to kickout/logoff current user and login as administrator). Worse case is when you need fix issue without logoff – for example teamviewer is not installed on user computer (just chosen to run option), unattended logon is not configured, windows logon for teamviewer is not allowed — so you cannot remotely re-login (logoff will just disconnect you from remote client).
That’s why you better configure enforcement of enabled UAC setting for any workstation in your company thru Group Policy.
Several advice when you enabled UAC and logged on workstation under limited user (for example grabbed remote console thru vPro or Dameware, teamviewer):
- to run any program with elevation of rights — Rclick the program and choose “Run as administrator” — the same for services.msc (to stop/start service without re-login) and so on
- to change context to administrators run cmd as administrator and run from cmd necessary cpl or commandline command (i don’t know other simple way to run cpl as administrator under other user except runas command – if you know pls share with me in comments), snap-in for example mmc – then any windows snap-in will work with administrator privileges without logoff of current ordinary limited in rights user. Just don’t forget to close this cmd window after helpdesk session :).
- there is also recommendation even for administrators to work under dedicated user account with ordinary non-administrative permissions – in this case above recommendations will help you to do your routine everyday admin tasks.