MicrosoftSo, I'm an endpoint administrator testing UAC Administrator Protection on Canary 27783.1000. I'm finding that most of the time, the ADMIN_ encapsulation works as intended for situation like running an application with administrator permissions. (like a certain well known packet capture software). But I too find an unanticipated side effect. When trying to access MMC, we receive an admin prompt via Administrator Protection, and it's successfully run within the context of the ADMIN_ user account. The problem with this is when performing tasks when trying to open MMC to access the user certificates on the device. Instead of seeing the user's certificates, I see a blank user certificate store most likely because the ADMIN_ account doesn't have any certificates. When I turn off UAC Administrator Protection, I find that we can access the MMC and certificates as normal.
Try just launching the Manage user Certificates from by searching from the start menu. Although it does require MMC I don't think it requires admin rights. With UAC enabled you can launch and edit the user store. I use CyberArk for this and you can most certainly can still use it if CyberArk is managing your Admin rights. It does not invoke a UAC prompt as it should not require elevated rights.
MicrosoftThank you for testing Administrator protection, and sharing the feedback with us. We are working on the issue you mentioned. Will provide an update soon.
