What is Exchange Activesync Policies Broker, and why is it constantly showing UAC prompts?
Ever since the latest version of Windows 10 was installed (version 1511 Pro), I've been getting near constant UAC prompts from Exchange Activesync Policies Broker. It doesn't matter if I accept them or not, they keep coming back. I've also seen similarly constant prompts on my laptop from Networks, but that hasn't shown since I recently formatted and re-installed Windows 10.
I am not using Exchange Server. I only have IMAP accounts and one outlook.com account registered in Outlook 2016 which I believe uses EAS.
I'm not very worried about it being malicious, but it's really starting to get on my nerves. I'd like to turn it off, but failing that, one would think that Microsoft would make their own software run silently if it is required.
For what it's worth, I have Office 2016 installed.
A quick Google search returns only foreign language forum posts and garbage search sites like findeen.co.uk and 2search.pixub.com.
A more recent search has yielded the possibility that it may be related to Visual Studio, which I do have installed, but no possible fixes are offered that I can see.
I have tried the following:
- Update Visual Studio 2015 to the latest revision
- Checked to make sure that my Windows Account is active (OS is not requesting verification) (as per last post here)
4 Answers
Exchange ActiveSync Policies Broker is the program that implements Exchange ActiveSync policies, which are a way for the administrators of large organizations to manage the security of devices that can access Exchange mailboxes.
It runs, presumably, to download and install the latest version of any ActiveSync policies. To implement some policies, it needs administrative access to the machine.
Normally, it's registered in UAC's COM auto-approval list, so it can be loaded via the Component Object Model without producing a UAC prompt. Assuming you haven't set UAC to the highest level, the Policies Broker should be auto-elevated if there's a REG_DWORD Registry entry called {C39FF590-56A6-4253-B66B-4119656D91B4} with the data of 1 here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UAC\COMAutoApprovalList
If that value is present and the prompts are still appearing, make sure that this key exists:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39FF590-56A6-4253-B66B-4119656D91B4}\Elevation
Make sure it has a REG_DWORD entry called Enabled, set to 1. Further reading: The COM Elevation Moniker.
If the prompts continue to appear, make sure this key does not exist (note HKCU rather than HKLM):
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{C39FF590-56A6-4253-B66B-4119656D91B4}
The presence of that key in a per-user (i.e. non-secure) location could conceivably make Windows think that this specific COM component shouldn't be allowed to automatically elevate.
Danger zone! I haven't tested this (since I can't reproduce the issue), but deleting the InProcServer32 and LocalServer32 keys under HKEY_CLASSES_ROOT\CLSID\{C39FF590-56A6-4253-B66B-4119656D91B4} has a very good chance of stopping that program from being run; it would simply stop that COM class from being instantiated. You'll have to adjust the permissions of the parent Registry key first, including changing its owner to Administrators rather than TrustedInstaller. If you're feeling particularly destructive, you could also delete EasPoliciesBrokerHost.exe and EasPoliciesBroker.dll from System32, since those are the files involved in that COM class. Again, this entire paragraph is dangerous and you should back things up before trying it. The rest of the answer is perfectly safe, though.
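The three registry checks from the answer above, gathered into one read-only PowerShell script. This is an added example, not part of the original answer; the function names are hypothetical, while the CLSID and key paths are the ones quoted above.

```powershell
# Added example: read-only audit of the registry conditions described in the answer.
# Nothing is created, changed or deleted.
$clsid = '{C39FF590-56A6-4253-B66B-4119656D91B4}'   # CLSID quoted in the answer

function Get-RegDword {
    param([string]$KeyPath, [string]$ValueName)
    # Returns the value only if the key exists, the value exists, and it is a REG_DWORD.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    if ($key.GetValueNames() -notcontains $ValueName) { return $null }
    if ($key.GetValueKind($ValueName) -ne [Microsoft.Win32.RegistryValueKind]::DWord) { return $null }
    return $key.GetValue($ValueName)
}

function Test-EasBrokerAutoElevation {
    $approval  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UAC\COMAutoApprovalList'
    $elevation = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\Elevation"
    $perUser   = "HKCU:\SOFTWARE\Classes\CLSID\$clsid"
    [pscustomobject]@{
        # Check 1: value named after the CLSID, REG_DWORD, data 1
        AutoApprovalListed = (Get-RegDword $approval $clsid) -eq 1
        # Check 2: Elevation key with REG_DWORD 'Enabled' set to 1
        ElevationEnabled   = (Get-RegDword $elevation 'Enabled') -eq 1
        # Check 3: no per-user copy of the CLSID key under HKCU
        PerUserKeyAbsent   = -not (Test-Path -LiteralPath $perUser)
    }
}

$result = Test-EasBrokerAutoElevation
$result | Format-List

# Report each condition that does not match what the answer expects.
foreach ($check in $result.PSObject.Properties) {
    if (-not $check.Value) {
        Write-Warning "$($check.Name) is False; compare this key with the answer above."
    }
}
```

Run it from a 64-bit PowerShell session so that registry redirection does not hide the HKLM keys.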
I was suddenly having this issue every 10-30 minutes even though I was not signed in using a Microsoft account and I had never opened the Mail app. After opening the Mail app to see if that was related I started receiving the UAC prompt every few seconds. I fixed this by uninstalling the Mail app as follows:
- Start PowerShell as an administrator
- Run the following command:
Get-AppxPackage *microsoft.windowscommunicationsapps* | Remove-AppxPackage
Note: This also removes the calendar app.
It looks like you're using a Microsoft Account to log in to your Windows 10 PC. Try switching from the Microsoft Account to a local account; it helped in my case. This won't break anything since you can add the Microsoft Account later for apps that require it.
I tried all of the above steps and still had the pop-ups bothering every few minutes. Finally I got rid of it by removing my Exchange account from the "Mail" app (in-built in Windows 10) and moving to Outlook.