Knowledge - Details
Date Added: 12/26/2022
When logged in as a Standard User in Windows, and trying to open the Task Manager, you get a UAC prompt. The prompt includes the standard user's username on the list of "admin" users even though it is not in the Administrators group. This problem has other symptoms, like errors when trying to use RunAs, ability to "Run as Administrator" even though it is not a real administrator (not an exploit because the supposedly "Administrator" process still lacks actual admin rights).
This user account was previously an Administrator, but then got demoted to Standard user. Somehow, possibly during Windows Setup, a bunch of permissions got changed in Local Security Policy to give this user account various unusual permissions, causing it to behave oddly with UAC.
1) Open Local Security Policy
2) Navigate to Local Policies > User Rights Assignment
3) Remove any instances of the affected username from this whole page.
5) Now, this user can open Task Manager without a UAC prompt, can do RunAs normally, and does not appear on the UAC username list.
If you aren't sure about these changes, compare this affected computer's settings with an unaffected computer. You'll probably see, on the unaffected computer, that it doesn't include any regular usernames on this screen.
Disclaimer: Everything on this website is written for my own use. I disclaim any guarantees that the procedures and advice listed here are accurate, safe, or beneficial for anyone else. If you attempt to follow any procedures or advice shared here, you do it at your own risk. Part of IT work is knowing how to recover from problems.