What is Exchange Activesync Policies Broker, and why is it constantly showing UAC prompts?

windows-10 uac exchange

Solution 1:

Exchange ActiveSync Policies Broker is the program that implements Exchange ActiveSync policies, which are a way for the administrators of large organizations to manage the security of devices that can access Exchange mailboxes.

It runs, presumably, to download and install the latest version of any ActiveSync policies. To implement some policies, it needs administrative access to the machine.

Normally, it's registered in UAC's COM auto-approval list, so it can be loaded via the Component Object Model without producing a UAC prompt. Assuming you haven't set UAC to the highest level, the Policies Broker should be auto-elevated if there's a REG_DWORD Registry entry called {C39FF590-56A6-4253-B66B-4119656D91B4} with the data of 1 here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UAC\COMAutoApprovalList

If that value is present and the prompts are still appearing, make sure that this key exists:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39FF590-56A6-4253-B66B-4119656D91B4}\Elevation

Make sure it has a REG_DWORD entry called Enabled, set to 1. Further reading: The COM Elevation Moniker.

If the prompts continue to appear, make sure this key does not exist (note HKCU rather than HKLM):

HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{C39FF590-56A6-4253-B66B-4119656D91B4}

The presence of that key in a per-user (i.e. non-secure) location could conceivably make Windows think that this specific COM component shouldn't be allowed to automatically elevate.

Danger zone! I haven't tested this (since I can't reproduce the issue), but deleting the InProcServer32 and LocalServer32 keys under HKEY_CLASSES_ROOT\CLSID\{C39FF590-56A6-4253-B66B-4119656D91B4} has a very good chance of stopping that program from being run; it would simply stop that COM class from being instantiated. You'll have to adjust the permissions of the parent Registry key first, including changing its owner to Administrators rather than TrustedInstaller. If you're feeling particularly destructive, you could also delete EasPoliciesBrokerHost.exe and EasPoliciesBroker.dll from System32, since those are the files involved in that COM class. Again, this entire paragraph is dangerous and you should back things up before trying it. The rest of the answer is perfectly safe, though.

Solution 2:

I was suddenly having this issue every 10-30 minutes even though I was not signed in using a Microsoft account and I had never opened the Mail app. After opening the Mail app to see if that was related I started receiving the UAC prompt every few seconds. I fixed this by uninstalling the Mail app as follows:

  1. Start PowerShell as an administrator
  2. Run the following command: Get-AppxPackage *microsoft.windowscommunicationsapps* | Remove-AppxPackage

Note: This also removes the calendar app.

Related

How good is PDF password protection?
How to display Unicode in a Linux virtual terminal?
JSON Validator for Notepad++? [closed]
How to remove apps from my list in the Windows 8 store?
Whatsapp video format support
What's the simplest way to get .flac music files into iTunes?
Updating screen session environment variables to reflect new graphical login?
Windows 10 Update 1809 not offered even if I manually search for it
Thunderbird : Compose in HTML temporarily instead of plain text
Disable chrome's built-in automatic virus scanning of downloaded files [duplicate]
Sharing the Mac OS X clipboard with the internal X server
How can I remove OLD history from Google Chrome?