UAC and Remote Desktop Services

by Mitch Tulloch [Published on 9 Feb. 2012 / Last Updated on 12 May 2011]

Should you enable or disable UAC on a server that has the Remote Desktop Services role installed?

User Account Control (UAC) can be a pain sometimes, but it serves a purpose and should only be disabled when it is safe to do so. Is it safe to disable UAC on servers? If only authorized administrators are allowed to interactively log on to the server, either via the console or over a Remote Desktop session, it may be safe to disable UAC on the server to make administration a bit easier. But if these administrators sometimes perform non-admin tasks on the server, such as checking their email or browsing the Web, then you should leave UAC enabled on the server.

What if you have a server that has the Remote Desktop Services role installed? If the server functions as a Remote Desktop Session Host (RD Session Host) so that end users can log on to session-based desktops running on the server, you should leave UAC enabled on the server. That's because end-users are usually not administrators, so you want to leave UAC enabled for them.

Mitch Tulloch is a seven-time recipient of the Microsoft Most Valuable Professional (MVP) award and widely recognized expert on Windows administration, deployment and virtualization. For more tips by Mitch you can follow him on Twitter or friend him on Facebook.

Featured Links