By default the service uses SYSTEM, thus when you use the "Execute Program" op rule step, it will execute as system. If you create a MSI or custom package and choose not to use a STEP to execute, same applies. If you would like to verify do the following:
Create a new Op Rule
Use the step "Execute Program"
Keep the default settings (This will launch Notepad)
Assign to a device with the agent where you can login (assign to your machine)
Open Task Manager on same device and go to "Details" Tab
See what user is assigned as the user that launched Notepad
Screen shots below:
Thank you for the prompt response! I wanted to confirm this works for MyApps as well? I mention this because I did as outlined above with MyApps and it still prompts user with UAC
UAC still will card if your GPO assigned is not limited to Domain Users. Please review your GPO settings for UAC. Some customers have no issues while others experience what you are experiencing as the issue is "Environmental".
So to clarify, I am encountering this issue due to UAC Domain configuration? The rule runs as system but required elevated credentials to run? (is there any solution to this?)
1 of 1 people found this helpful
You can assign the above suggested test using Notepad or a CMD and publish to MyApps to once again confirm. You do have the option to launch as Current User by selecting the check box at the top of the properties page of the assigned device but by default when assigned to a device or device group it is run as System.
Here is a pre-populated search link into Communities dealing with UAC:
Here is a prepopulate link for UAC and GPO: