What is Exchange Activesync Policies Broker, and why is it constantly showing UAC prompts?

21

3

Ever since the latest version of Windows 10 was installed (version 1511 Pro), I've been getting near constant UAC prompts from Exchange Activesync Policies Broker. It doesn't matter if I accept them or not, they keep coming back. I've also seen similarly constant prompts on my laptop from Networks, but that hasn't shown since I recently formatted and re-installed Windows 10.

I am not using Exchange Server. I only have IMAP accounts and one outlook.com account registered in Outlook 2016 which I believe uses EAS.

I'm not very worried about it being malicious, but it's really starting to get on my nerves. I'd like to turn it off, but failing that, one would think that Microsoft would make their own software run silently if it is required.

For what it's worth, I have Office 2016 installed.

A quick Google search returns only foreign language forum posts and garbage search sites like findeen.co.uk and 2search.pixub.com.

A more recent search has yielded the possibility that it may be related to Visual Studio, which I do have installed, but no possible fixes are offered that I can see.

I have tried the following:

  • Update Visual Studio 2015 to the latest revision
  • Checked to make sure that my Windows Account is active (OS is not requesting verification) (as per last post here)

Mirrana

Posted 2016-04-27T21:19:32.337

Reputation: 672

This has to do with Outlook attempting to request permissions, to do something, that the Exchange Server you are connecting to is configured to allow. So what else was installed when you installed the last cumulative Windows 10 patch? To determine which permission is triggering this request will require you to investigate what permissions you are allowing on the Exchange Server and not allowing on the client.

– Ramhound – 2016-07-21T17:50:49.327

I can't submit an answer until I know more. I can't reproduce this behavior against my own Exchange Server and my desktop which has Office 2016 installed on it. I personally would just reset my EAS policies on the machine as a very basic first step. – Ramhound – 2016-07-21T17:52:20.580

@Ramhound I am not connected to any exchange servers. I do have an outlook.com connection though, which I understand uses EAS, but no "Exchange" accounts. All other accounts are IMAP – Mirrana – 2016-07-21T17:59:01.133

"How do I reset Exchange ActiveSync policies applied to my Windows 8 machine for Exchange mailboxes I've since removed?" For kicks and giggles, try resetting your EAS policies; it might be an Outlook.com configuration that just happened to go live when you last patched. You might also try allowing various permissions that EAS can be configured to allow. – Ramhound – 2016-07-21T18:02:48.773

So per the link in your question the suggestion just above the last post there is another post and in Edit: and Edit2: where it states that changing the Windows account to login to be locally rather than with the Microsoft account seemed to resolve the issue. Did you try that too or is that applicable at all in your case? You said you already checked the settings from the bottom most post and it doesn't apply and I assume this is what you did from Windows 10 Settings > Accounts > ~, correct? – Pimp Juice IT – 2016-07-21T18:45:30.587

@Ramhound There is no "Reset Security Policies" link in my "User Accounts" CP applet. – Mirrana – 2016-07-22T08:14:25.030

@PIMP_JUICE_IT This does not apply to my case. I am using a domain account. It is connected to my Microsoft account for settings sync, but that's about it. – Mirrana – 2016-07-22T08:16:31.560

I assume your domain Admin has looked into the group policies that might control this behavior? You using a domain account changes everything – Ramhound – 2016-07-22T11:34:59.040

@Ramhound I am the domain admin. The only custom group policies that exist pertain to automatic updates, power settings, UAC and Remote Desktop enforcement. Otherwise, the default domain policy applies. – Mirrana – 2016-07-22T12:16:23.280

Outlook.com accounts in Outlook 2016 should be synchronized using Outlook Anywhere, not EAS. http://answers.microsoft.com/en-us/office/forum/office_2016-outlook/cant-add-non-hotmail-exchange-activesync-account/8aeadcda-2ad6-43ce-88d9-030d7ae28153?auth=1

– Vojtěch Dohnal – 2016-07-27T07:42:21.843

This started on my PC at home after connecting to my employer's VPN for the first time. Since then, I get those prompts regularly even though I am not connected to the VPN. – bouvierr – 2017-02-10T13:01:22.437

Answers

10

Exchange ActiveSync Policies Broker is the program that implements Exchange ActiveSync policies, which are a way for the administrators of large organizations to manage the security of devices that can access Exchange mailboxes.

It runs, presumably, to download and install the latest version of any ActiveSync policies. To implement some policies, it needs administrative access to the machine.

Normally, it's registered in UAC's COM auto-approval list, so it can be loaded via the Component Object Model without producing a UAC prompt. Assuming you haven't set UAC to the highest level, the Policies Broker should be auto-elevated if there's a REG_DWORD Registry entry called {C39FF590-56A6-4253-B66B-4119656D91B4} with the data of 1 here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UAC\COMAutoApprovalList

If that value is present and the prompts are still appearing, make sure that this key exists:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39FF590-56A6-4253-B66B-4119656D91B4}\Elevation

Make sure it has a REG_DWORD entry called Enabled, set to 1. Further reading: The COM Elevation Moniker.

If the prompts continue to appear, make sure this key does not exist (note HKCU rather than HKLM):

HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{C39FF590-56A6-4253-B66B-4119656D91B4}

The presence of that key in a per-user (i.e. non-secure) location could conceivably make Windows think that this specific COM component shouldn't be allowed to automatically elevate.


Danger zone! I haven't tested this (since I can't reproduce the issue), but deleting the InProcServer32 and LocalServer32 keys under HKEY_CLASSES_ROOT\CLSID\{C39FF590-56A6-4253-B66B-4119656D91B4} has a very good chance of stopping that program from being run; it would simply stop that COM class from being instantiated. You'll have to adjust the permissions of the parent Registry key first, including changing its owner to Administrators rather than TrustedInstaller. If you're feeling particularly destructive, you could also delete EasPoliciesBrokerHost.exe and EasPoliciesBroker.dll from System32, since those are the files involved in that COM class. Again, this entire paragraph is dangerous and you should back things up before trying it. The rest of the answer is perfectly safe, though.

Ben N

Posted 2016-04-27T21:19:32.337

Reputation: 32 973
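
A read-only PowerShell check of the three registry conditions listed in the answer above, added here as an example and not part of the original answer. The function name Get-RegDword is hypothetical, and the ConsentPromptBehaviorAdmin lookup (the machine's UAC prompt level, where 5 is the Windows default) is an assumption that does not appear on the page.

```powershell
# Added example: reports on the registry entries named in the answer; changes nothing.
$clsid = '{C39FF590-56A6-4253-B66B-4119656D91B4}'   # CLSID quoted in the answer

function Get-RegDword {
    # Hypothetical helper: returns the DWORD data, or $null when the key or
    # value is missing or the value is not a REG_DWORD.
    param([string]$KeyPath, [string]$ValueName)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return $null }
    if ($key.GetValueNames() -notcontains $ValueName) { return $null }
    if ($key.GetValueKind($ValueName) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return $null
    }
    return $key.GetValue($ValueName)
}

$approval = Get-RegDword 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UAC\COMAutoApprovalList' $clsid
$enabled  = Get-RegDword "HKLM:\SOFTWARE\Classes\CLSID\$clsid\Elevation" 'Enabled'
$perUser  = Test-Path -LiteralPath "HKCU:\SOFTWARE\Classes\CLSID\$clsid"
# Assumption (not on the page): UAC prompt level for administrators.
$consent  = Get-RegDword 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'ConsentPromptBehaviorAdmin'

$results = @(
    [pscustomobject]@{
        Check = 'HKLM COMAutoApprovalList value for the CLSID is 1'
        Found = $approval
        Ok    = ($approval -eq 1)
    }
    [pscustomobject]@{
        Check = 'HKLM CLSID\Elevation has Enabled = 1'
        Found = $enabled
        Ok    = ($enabled -eq 1)
    }
    [pscustomobject]@{
        Check = 'No per-user (HKCU) registration of the CLSID'
        Found = $perUser
        Ok    = (-not $perUser)
    }
    [pscustomobject]@{
        Check = 'UAC at default level (ConsentPromptBehaviorAdmin = 5)'
        Found = $consent
        Ok    = ($consent -eq 5)
    }
)

$results | Format-Table -AutoSize -Wrap
```

An empty Found column means the key or value is absent. A failed last row matches the case raised in the comments on this answer, where UAC is set above the default level and every elevation prompts regardless of the auto-approval list.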

I do have UAC set to the highest setting, requiring that I enter my admin password for every task that requires elevation. – Mirrana – 2016-07-25T14:18:55.153

If UAC is at the highest setting, elevating anything - including this COM control - will produce a UAC prompt. Does setting UAC to the default level remove the prompts? – Ben N – 2016-07-25T19:30:16.307

I expect that it would, but I also expect that I shouldn't get an elevation prompt for a system service such as this no matter what. This allows a user to prevent system policies from being applied. – Mirrana – 2016-07-25T20:35:24.997

@agent154 Indeed, it doesn't seem like a good design to me either. Nevertheless, the highest UAC setting is designed to require elevation for any administrative operation started by a non-elevated process. – Ben N – 2016-07-25T20:36:37.297

Be aware: UAC fundamentally has only two settings: On and Off. In Vista the default setting was On. As of Windows 7 the default setting was changed to Off. This means that without a UAC prompt, you can become an Administrator, taking complete control of the PC, with UAC in Windows 7 default setting. If you care about security you should seriously consider turning UAC back On.

– Ian Boyd – 2018-10-28T17:48:28.463

1

I was suddenly having this issue every 10-30 minutes even though I was not signed in using a Microsoft account and I had never opened the Mail app. After opening the Mail app to see if that was related I started receiving the UAC prompt every few seconds. I fixed this by uninstalling the Mail app as follows:

  1. Start PowerShell as an administrator
  2. Run the following command: Get-AppxPackage *microsoft.windowscommunicationsapps* | Remove-AppxPackage

Note: This also removes the calendar app.

jdgregson

Posted 2016-04-27T21:19:32.337

Reputation: 125

0

It looks like you're using a Microsoft Account to log in to your Windows 10 PC. Try to switch from the Microsoft Account to a local account; it helped in my case. This won't break anything since you can add the Microsoft Account later for apps that require it.

thims

Posted 2016-04-27T21:19:32.337

Reputation: 8 081

That is also what caused this program to start running on my tablet, but you are providing a workaround, not a fix. – Ben Voigt – 2016-09-07T18:25:42.110

I just saw this prompt (and said no) after a long time that I have been using the Microsoft account. Wasn't doing anything at the moment, just using Edge browser with many tabs open, so I wonder if there's some exploit vector trying to do something via a webpage ad or something – George Birbilis – 2016-12-21T08:16:08.183

It also happens if you're logging into your PC not using a Microsoft Account *(i.e. a Local account)* – Ian Boyd – 2018-10-28T17:40:34.937

0

I tried all of the above steps and still had the pop-ups bothering every few minutes. Finally I got rid of it by removing my exchange account from the "Mail" app (in-built in Windows 10) and moving to Outlook.

user775247

Posted 2016-04-27T21:19:32.337

Reputation: 1