GOOD TO KNOW: GPO Override of UAC settings requires two reboots

Recently we got an issue with an application installer that would constantly throw an error when trying to register Oleaut32.dll.

Our packaging team found a work-around by Enabling the Group Policy setting for "User Account Control: Detect application installations and prompt for elevation".

Since this setting is disabled by default in our corporate environment to allow automated distribution of applications, we created a new GPO and set its precedence to apply after our baseline GPO and override our default corporate setting. This way machines can be set to temporarily receive this GPO to install this application.

Yet, when testing the solution we got mixed result.

After looking into those issues, we noticed that the override of this UAC settings required two reboots to be effective.

Our testing confirmed that when the machine first receives the new GPO - by running a GPUpdate /force and then rebooting - although RSOP and the registry were showing the correct settings the application was still throwing the same error at install time.
It was only after rebooting for a second time that the setting was fully applied and the installation worked.

The same was true when removing the machine from the filtering group to re-apply the standard settings.

Although we did know that Computer's GPO settings apply after a reboot having to reboot twice was rather unexpected.... Hope you find this info useful !