When are Microsoft going to secure this properly?
We have implemented an Endpoint Privilege Management policy in Intune which allows users to run EXE files with elevated access if they submit their password.
We have found that if a user WITHOUT local administrator rights navigates to the windows\system32 folder and right-clicks on CMD.EXE, then selects "Run with elevated access", they can then run a "net localgroup" command and add themselves as a local administrator on their device.
They can do likewise with MMC.EXE (and add the Computer Management snap-in, which will run with elevated access) or with CompMgmtLauncher.exe, which does the same thing.
Any user without local administrator rights can bypass the restriction put in place by the EPM settings policy, unless you're running with a "Deny All" policy and a whitelist of applications which have to be added individually. (I don't know how many man-hours that would require and how much outage it would cause as new apps come on stream; it doesn't bear thinking about).
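As an added example (not part of the original post, and not Microsoft's or Intune's own tooling), the following PowerShell audit checks a device for the outcome the post describes: a standard user ending up in the local Administrators group. It compares current group membership against a baseline and pulls recent Security log event 4732 ("A member was added to a security-enabled local group") filtered to the built-in Administrators group (well-known SID S-1-5-32-544), so an addition made from an elevated cmd.exe shows who was added and which account did it. Assumptions: it runs with rights to read the Security log, and the names in $ExpectedAdmins are placeholders you replace with your own baseline.

```powershell
# Added example: audit local Administrators membership and recent additions to it.
# Assumptions: run as an account that can read the Security log; the baseline names
# below are placeholders, not values from the original post.

$AdminsSid = 'S-1-5-32-544'   # well-known SID of the built-in Administrators group

# 1. Current members of Administrators that are not in the expected baseline.
function Get-UnexpectedLocalAdmins {
    param(
        # Leaf account/group names allowed to be local admins (placeholder values).
        [string[]]$ExpectedAdmins = @('Administrator', 'Global Administrator')
    )
    Get-LocalGroupMember -SID $AdminsSid | Where-Object {
        # Name comes back as DOMAIN\name or MACHINE\name; compare the leaf part.
        ($_.Name -split '\\')[-1] -notin $ExpectedAdmins
    } | Select-Object Name, ObjectClass, PrincipalSource, SID
}

# 2. Recent event 4732 entries whose target group is Administrators.
function Get-RecentAdminGroupAdditions {
    param([datetime]$Since = (Get-Date).AddDays(-7))

    $filter = @{ LogName = 'Security'; Id = 4732; StartTime = $Since }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # Event data is easiest to read reliably from the XML rendering.
        $xml = [xml]$e.ToXml()
        $d = @{}
        foreach ($item in $xml.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }

        if ($d['TargetSid'] -ne $AdminsSid) { continue }

        # 4732 often logs only the member SID; resolve it to a name where possible.
        $memberName = $d['MemberName']
        if (-not $memberName -or $memberName -eq '-') {
            try {
                $memberName = ([System.Security.Principal.SecurityIdentifier]$d['MemberSid']).
                    Translate([System.Security.Principal.NTAccount]).Value
            } catch { $memberName = $d['MemberSid'] }
        }

        [pscustomobject]@{
            Time      = $e.TimeCreated
            Added     = $memberName
            MemberSid = $d['MemberSid']
            AddedBy   = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
            LogonId   = $d['SubjectLogonId']
        }
    }
}

Get-UnexpectedLocalAdmins      | Format-Table -AutoSize
Get-RecentAdminGroupAdditions  | Format-Table -AutoSize
```

The membership check is a point-in-time view and only catches what is still there; the 4732 query is what tells you it happened and under which logon session, which is the record to keep if you are chasing the elevation path described above. On some Entra-joined builds Get-LocalGroupMember fails to enumerate cloud principals; `net localgroup administrators` is the fallback for the membership half of the check.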