UAC and Remote Desktop Services

by Mitch Tulloch [Published on 9 Feb. 2012 / Last Updated on 12 May 2011]

Should you enable or disable UAC on a server that has the Remote Desktop Services role installed?

User Account Control (UAC) can be a pain sometimes, but it serves a purpose and should only be disabled when it is safe to do so. Is it safe to disable UAC on servers? If only authorized administrators are allowed to interactively log on to the server, either via the console or over a Remote Desktop session, it may be safe to disable UAC on the server to make administration a bit easier. But if these administrators sometimes perform non-admin tasks on the server, such as checking their email or browsing the Web, then you should leave UAC enabled on the server.

What if you have a server that has the Remote Desktop Services role installed? If the server functions as a Remote Desktop Session Host (RD Session Host) so that end users can log on to session-based desktops running on the server, you should leave UAC enabled on the server. That's because end-users are usually not administrators, so you want to leave UAC enabled for them.

Mitch Tulloch is a seven-time recipient of the Microsoft Most Valuable Professional (MVP) award and widely recognized expert on Windows administration, deployment and virtualization. For more tips by Mitch you can follow him on Twitter or friend him on Facebook.

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see www.mtit.com .

Latest Contributions

Featured Links