Disable The Registry Policy Setting

Posted By admin On 21/08/21
  1. Disable The Registry Policy Settings
  2. Excel Disable Registry Policy Settings
  3. Registry Policy Setting Word

Depending on your situation, you may want to take control of how Exchange’s Autodiscover lookup process works. Specifically, there are a lot of scenarios where Autodiscover will break because the lookup process isn’t properly controlled. In this article, I’ll go over registry settings that will let you control which steps are used and which ones are skipped.

I suggest you disable the obsolete group policies. If you delete or disable the policy and run “gpupdate /force” on every users/computers, the settings would disappear. You do not need to set the policies back to not configured first. It would work for existing users/computers. User Account Control: Virtualize file and registry write failures to per-user locations. The User Account Control: Virtualize file and registry write failures to per-user locations policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time.

ADMX Templates

Before I get into it, if you work in an on-prem AD environment, you may want to control all of the systems in AD to make sure they work right with Autodiscover. This can be done with Group Policy, but requires that you install the Office ADMX templates into your central policy store. The ADMX templates for Exchange 2013 are available here. For the Office 365 licensed version as well as 2016 and 2019, go here. If you don’t know how to deploy ADMX templates, there is a good tutorial available here.The setup for a policy store in the domain is the same for all versions of Windows Server after 2003R2.

Once you have the ADMX templates installed, you can deploy the changes you want by going to User ConfigurationAdministrative TemplatesMicrosoft Outlook <version>Account SettingsExchange and modifying the policy called “Disable Autodiscover” (Probably the worst name ever for those people who like to have GPO settings that are easy to find). You’ll see the possible settings in this policy below. Just check the lookup steps you want to skip and deploy the GPO.

I’ll go over what each of these settings means in a minute.

Registry Settings

If you just want to control this for a single computer, there are some registry modifications you can make (or you can install the ADMX templates on a single computer). The registry keys to control Autodiscover are located at HKEY_CURRENT_USERSoftwareMicrosoftOfficex.0OutlookAutoDiscover and HKEY_CURRENT_USERSoftwarePoliciesMicrosoftOfficex.0OutlookAutoDiscover To work with the Autodiscover registry settings, add the key you want from the list below to both registry locations. I’ll go over the settings here and compare with the GPO settings above.

  • PreferLocalXML – This one doesn’t show up in the above GPO setting, but can be used if you wish to deploy a local XML file that defines Autodiscover. This is usually more work than it’s worth, so I don’t recommend it.
  • ExcludeHttpRedirect – The same as “Exclude the HTTP redirect method” above. This prevents Outlook from allowing an Autodiscover redirect from occurring. This technique allows someone to create a site to accept traffic for Autodiscover and send it to a different site. Exchange Hosting organizations (Other than O365) will use this regularly, and blocking this will prevent access to environments that use this technique.
  • ExcludeHttpsAutoDiscoverDomain – This will prevent Autodiscover from checking autodiscover.domain.com for the Autodiscover.xml file. This is where autodiscover takes the email domain, adds Autodiscover. to the front, and looks at that URL. This is the most common Autodiscover technique in use today. Does the same thing as “Exclude the query for the Autodiscover domain” in the GPO.
  • ExcludeHttpsRootDomain – Prevents Outlook from looking at the root email domain.com URL for the Autodiscover.xml file. It’s not particularly common for this setting to apply, but the lookup for it occurs before the most common technique. You’ll want to use this if you are hosting a web server that uses domain.com for its URL and accepts request for all child URLs. This step trips up a lot of people, so I recommend disabling this step in most situations because it will speed up Autodiscover and prevent incorrect lookups. This one is equal to the “Exclude the root domain query based on your Primary SMTP address” GPO policy.
  • ExcludeScpLookup – The AD SCP is another extremely common tool for pointing to the Autodiscover.xml file. This method applies to lookup attempts for users that are logged in to computers in an Active Directory domain. The SCP is customizable, and can cause issues shortly after deploying new servers (until you set the SCP value to function properly), so you may want to disable this lookup before doing that. “Exclude the SCP object lookup” GPO setting will do the same thing.
  • ExcludeSrvRecord – The SRV record technique lets you set a server for Autodiscover in a DNS SRV record. This is useful if you have a certificate with a single server name listed on it that isn’t autodiscover.domain.com. This is actually the last lookup done for Autodiscover, and disabling it is unnecessary in the vast majority of situations (unless you’re trying to disable Autodiscover, which is a bad idea at this point). This is the “Exclude the SRV record query in DNS” GPO setting.
  • ExcludeLastKnownGoodURL – Autodiscover records the last URL that received a 200 code (AKA – Good URL event code for HTTPS). If you are stuck with a bad URL in Autodiscover (happens if you’re dealing with the root domain situation listed above), setting this will let things go through normally. Equals the “Exclude last known good URL” setting in the GPO.
  • ExcludeExplicitO365Endpoint – Prevents Outlook 2016 and later from checking Office 365 for a matching email address or user account. The function that this disabled can be a real pain in the neck if you have Office 365 with your domain added, but no Exchange mailboxes in the cloud. Disable it with this registry setting or “Exclude initial check to Office 365 Autodiscover URL”.

Important Notes

It is possible to disable Autodiscover entirely by setting all of the above registry settings or GPO options to 1/enabled. This is a bad idea if you use Outlook 2016 or later, since those versions will only create profiles with Autodiscover. So unless you like using IMAP or POP3 to access Exchange, don’t do it.

The GPO setting to “Disable the Autodiscover V2 Service” is something you’ll probably want to ignore unless you feel like breaking Outlook integration with other pieces of the Microsoft Office suite. Autodiscover V2 allows Outlook to read things like Teams calendars without being configured. If you don’t want that, disable this GPO setting, but be aware that you may be missing some useful functionality by doing so.

Other Resources

I’ve written a lot about Autodiscover, so if you want to learn more, visit these posts:

Configure Exchange Autodiscover
Exchange Autodiscover – The Active Directory SCP
Configuring Autodiscover for Internal DNS
QuickPost: What do Exchange Virtual Directories Do?
Configuring Exchange Virtual Directories
Fixing Outlook Certificate Errors
Autodiscover – Microsoft Docs

Summary :

Although disabling UAC is a terrible idea, this move is necessary if UAC prevents some applications from running properly. MiniTool will show you how to disable UAC Windows 10. Additionally, some tips on how to change UAC for standard user to automatically deny UAC elevation requests are also introduced simply.

What Is UAC in Windows 10

UAC, short for User Account Control, is a component of Microsoft Windows’s security system. It can help mitigate the impact of malware by preventing apps from making unwanted changes on the PC.

Windows 10 will pop up a UAC confirmation dialog to ask you to confirm the change or not when some software attempts to change system-related parts of the file system or Windows Registry. Simply put, UAC can offer a special security environment, which protects your user account that has limited access rights well.

However, turning UAC on sometimes prevents programs from running well. Then, a solution is to disable UAC in Windows 10. In this post, we will introduce four methods.

Tip: Enabling UAC can be an additional protection tip to prevent dangerous apps and viruses. Disabling it without a reason is a terrible idea! So, be cautious of this.

Related article: How to Protect Your Computer from Virus

How to Disable UAC Windows 10

Option 1: Disable UAC via Control Panel

Step 1: Type control panel in the search bar of Windows 10 and click this app in the result to open it.

Step 2: Go to User Accounts > Change User Account Control settings.

Step 3: Drag the slider control to Never notify and click OK to apply the change.

This way, the UAC is disabled and you won’t receive any notification. But this won’t completely disable User Account Control that is still active in the background.

Option 2: Disable UAC Windows 10 Command Line

Step 1: Run Command Prompt as administrator.

File

Step 2: To turn off UAC Windows 10, enter the following command and press Enter:

reg.exe ADD HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem /v EnableLUA /t REG_DWORD /d 0 /f.

Tip: To turn UAC on, use the command - reg.exe ADD HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem /v EnableLUA /t REG_DWORD /d 1 /f.

Step 3: Reboot your computer to let the change take effect.

Option 3: Disable UAC Group Policy

Step 1: Input Policy Editor in the Windows 10 search box and click Edit group policy.

Disable The Registry Policy Settings

Step 2: Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

Saudi arabia wc 2018 kitsempty spaces the blog. Step 3: Scroll down to the bottom to find User Account Control: Run all administrators in Admin Approval Mode and double-click on it, choose Disabled and click OK.

Excel Disable Registry Policy Settings

Option 4: Disable UAC Windows 10 Registry Key

Note: Before changing Windows Registry, we recommend you to back up registry to avoid system accidents.

Step 1: Press Win plus R keys to launch the Run dialog.

Step 2: Input regedit.exe and click OK.

Step 3: Go to the path:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem

Step 4: Double-click on the key - EnableLUA and change its Value data to 0.

Registry Policy Setting Word

Step 5: Save the change and restart your computer.

Now, we have shown you how to disable UAC Windows 10 in detail. In addition, you may want to set UAC to automatically deny elevation requests from users with standard-level credentials to avoid being prompted to enter administrator credentials to confirm all the time when running a program requiring elevated permissions.

How to Automatically Deny UAC Elevation Requests

You can do this work via Windows Registry or Group Policy.

In Group Policy, go to Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options, double-click on User Account Control: Behavior of the elevation prompt for standard users and choose Automatically Deny elevation requests.

In the Registry Editor window, navigate to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem, double-click the ConsentPromptBehaviorUser key and change its Value data to 0 so that you can automatically deny UAC elevation requests.

The End

After reading this post, you will know clearly on how to disable UAC Windows 10 and how to change UAC for standard user to automatically deny elevation requests. Just try the methods above based on your needs to perform these operations to User Account Control.