Hi,With our current XP build, all of our users are administrators... something I'd like to change!We're going to implement UAC with Windows 7 when it's released; switching all users to Standard User and make more use of the Administrator account for remote tasks etc.Something I've noticed when looking at group policy etc is that you can exclude the Administrator account from the UAC, meaning that it elevates without prompting. Does this apply when running a script in the background? For example, I'm logged on as bloggs_j as a standard user and the script runs as administrator in a different session.. would it prompt for elevation in the user session even if the administrator account is excluded from prompting?Hope that makes sense!CheersNeil

Neil - Let's see if we can disentangle some of this.. If you've got a standard user, and you've got a script that includes something that requires admin rights, and you right-click on that script and have it Run as Administrator, UAC would most likely challenge the user with a prompt right from the start because the non-admin user isn't an admin.. but it would seem to me that if you're running a batch file or other script as the Administrator, UAC won't be triggered. If I'm running a CMD prompt window,and I type in a command that requires administrative rights, and that CMD window was NOT set up to run as administrator - pretty much nothing happens other than an "access denied" message. UAC is never triggered. But if I run the CMD window as Admin, the command gets executed successfully.

Think that answers it.As well as batch files and alike, some third party software like our anti virus central console and some other bits might need to remotely execute commands. I'm not in a position to test this at the moment but I'm assuming that if said software sends a command to a machine as administrator with a standard user logged in then the UAC won't trigger?I think you may have answered that question in your 3rd paragraph... but it would be useful to clarify.Cheers.

Neil - Not 100% sure what sort of command your AV would send out that would or wouldn't be triggering a UAC.... That would largely depend on the software itself and how it was written. Which AV product are you using?