![]() Once I closed secpol, my control was restored. I tried this solution above and I was able to launch cmd.exe as the local admin account using that runas command, but as soon as secpol opened, the screen froze and I couldn't do or move anything. Some of these clients don't have local admin privileges and we can't/don't/won't give the non-executives/owners the local admin password. ![]() I completely screwed myself and lost my Connectwise database and have had to rebuild by sending out install links of software again to my customers and their employees. It looks as though this method no longer works on build 21H1 (and maybe earlier). ![]() Testing has shown that you can launch secpol.msc for the elevated command prompt with no UAC, so no temp admin user account required There is a better way, use secpol.mscĮdit 3: Simplified further. This workaround will let you get a toehold that you can then use improve the configuration as you desire.Įdit 2: removed some old registry edits that don't work on 1909. In the COVID-19 induced mass flurry of activity to get people to WFH, many machines have been sent home with less than optimal configurations. That is all well and good if the tool is/was available and that necessary work was was done ahead of time. Some people are saying this or that tool avoids the problem. When done go back to local user manager and delete the throwaway admin account. Get user to use the newly made temp user credentials as required. (Edit: alternatively you can use net.exe to create user and add to group.) In local user manager create a throwaway temp user with a simple password and add to administrators group. In the elevated command prompt open local user manager c:\>lusrmgr.msc. If for any reason you need a local admin credential that you can give the user do this: When done, repeat the above to set User Account Control: Switch to the secure desktop when prompting for elevation back to Enabled. You will now have a UAC that you can see over your remote assistance tool. Set Security Settings > Local Policies > Security Options > User Account Control: Switch to the secure desktop when prompting for elevation to Disabled. In the elevated command prompt start Secpol, you won't get a UAC prompt: c:\>secpol.msc ![]() In the command prompt window start elevated command prompt with RunAS: c:\>runas /user:example\user.name cmd.exe Start a normal command prompt Windows key + R, cmd, enter. Security Settings > Local Policies > Security Options > User Account Control: Switch to the secure desktop when prompting for elevation to Disabled.īut you cannot 'run as admin' secpol.msc directly because, you guessed it, you need to pass UAC. ![]() You can force the UAC on to the user's desktop, where you can see it, by using secpol.msc to set This is because UAC normally appears on a separate secure desktop. In the absence of a VPN connection, when using some sort of remote assistance desktop sharing to administer the PC of WFH user you may encounter the problem of not being able to see a UAC for admin tasks. Note: the following assumes you have some sort of admin credentials on the user's PC. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |