question

FedericoCoppola-2569 avatar image
0 Votes"
FedericoCoppola-2569 asked MikkelKnudsen-3362 commented

UAC prompt is blocked when I use Quick Assist

Hi all,
I have the following trouble when I use Quick Assist tool of Windows 10:
all users inside company are "Standard User" and they can not run any software as Administrator.

Sometimes these users ask me remote support, so we use Quick Assist App.

My issue is that very often I need to insert Administrator account to execute operation,
but I can not see screen that permit me to type administrator account and password.

How can I solve it?
I must avoid this problem otherwhise I can not support users remotelly!

It is fine for me that I can see UAC prompt and I can type admin user and password to assist employees.


All PC has got Windows 10 2004 or Windows 10 20H2 inside company.


Thanks so much
Federico

windows-10-generalwindows-10-security
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Make sure update Windows and Quick Assist app.
Does it ask for password after user entered the code?
This app should be run in standard users too unless you want to perform a task which required administrator access.

0 Votes 0 ·
CarlFan-MSFT avatar image
0 Votes"
CarlFan-MSFT answered

Hi Federico,
As far as I understand it, at the moment if you use Quick Assist , when you connect to a remote users laptop/PC and try to do anything that requires an administrator elevation, the screen is just blanked out.
In the GPO editor, go to Security Settings > Local Policies > Security Options > User Account Control: Switch to the secure desktop when prompting for elevation to Disabled
Hope this helps and please help to accept as Answer if the response is useful.
Best Regards,
Carl

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FedericoCoppola-2569 avatar image
0 Votes"
FedericoCoppola-2569 answered

Hi @Reza-Ameri ,
Laptop has got lastest Windows 10 updates.

Quick Assist app works fine.

My issue is that:
1) Remote user is a standard domain user (no administrator privileges)
2) When UAC message appears I can't see anything about it and I can't type administrator password.

I hope to be clear
Federico

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FedericoCoppola-2569 avatar image
0 Votes"
FedericoCoppola-2569 answered

Dear @CarlFan-MSFT
Thanks!
You are right! I created a domain policy (with your settings) and I applied it to Clients OU.

Is It a vulnerability?

Thanks
Federico

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

yannara avatar image
0 Votes"
yannara answered

Was this solved by GPO? I have the same problem, but I am in Intune.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

yannara avatar image
0 Votes"
yannara answered MikkelKnudsen-3362 commented

I enabled this setting in Intune using the Settings Catalog, I ensured the policy has been applied, but still UAC is blacked out...

132323-image.png


I also saw then in mmc local sec policies, that the setting is applied...

132278-image.png



image.png (14.2 KiB)
image.png (6.4 KiB)
· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@yannara have you had any luck? We're exploring this as well.

0 Votes 0 ·

@chrisxfire yes I managed to do it quite fast, in Settings Catalog you find all "old" UAC settings and you can configure them not to use Secure desktop.

0 Votes 0 ·

To my understanding, how do I type admin account and password if UAC prompt was disabled?

0 Votes 0 ·

Hi Yannara
Where does that setting located in Intune. Unable to find it :(
Thanks.

0 Votes 0 ·

@Nate-0602 you should see this in Settings Catalog

0 Votes 0 ·

I found it in Intune Devices | Configuration profiles->Create profile. Is there a security risk or any vulnerability after I disable it?

0 Votes 0 ·

We are doing the same right now - seems to be working ok. But its enabled in Security Baseline pr. default - so I dont think its a really good solution to be honest.

0 Votes 0 ·
SteveCRF-0508 avatar image
0 Votes"
SteveCRF-0508 answered chrisxfire commented

Dear all,

1) Has anyone any security concerns re long term disabling of the UAC setting mentioned above?
2) My manager has found this:

https://superuser.com/questions/227860/how-to-toggling-uac-on-off-quickly-eg-using-command-line-in-windows-7

  • We are on Windows 10 so will give it a try to see if that Windows 7 solution works on Windows 10

  • I am interested to know how anyone else gets on trying that

Regards,
Steve



· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I can't, in good conscience, attempt an 11-year-old solution for a deprecated operating system on a current one.

0 Votes 0 ·

Hi Chris,

I hope you are well :-)

What do you propose as a way forward?

Regards,
Steve

0 Votes 0 ·

The GPO solution mentioned above worked for us.

0 Votes 0 ·