Forum Discussion

idk1613's avatar
idk1613
Brass Contributor
Mar 25, 2020

Feature request fix Remote Assist bypass UAC prompt

I have to say there must be a gap in MS Windows testing processes. I don't understand how they fail to allow an IT help desk agent, Sys Admin or DevOps or anyone suppose to succeed in remote assistance to a client and make admin changes. MSRA use to work until Windows 10 1903. Quick Assist works okay. Can you not make it easier for the client to just click a link and open quick assist and have them type the code in? 

 

Problem:

Help desk staff, System Admins and etc. need the ability to see a users desktop remotely and be able to make changes like installing software, setting changes and etc. If we disable UAC prompts or lower the level why do we need to take that risk. If I want to install something why do I get a black screen. Why do we have to pay $$$ for other software (teamviewer,logmein, etc.) that can do this. This is a feature that should be built in to any OS. Look at Mac OS and other unix systems they have this feature built in for free.  

 

This should be a secure desktop and not inhibit the service of your products please fix this issue ASAP! During an emergency like COVID-19 MS products cannot be relied upon even for the simplest tasks. Its great you add complexity and the latest AI features (woooa) but you cannot even do the simple things painlessly and well. I guess we will go broke spending $$$ to teamviewer, logmein, and etc because they can do the simple things pretty well.

 

I am disappointed when I try to rely on MS products they fail at the simple things. It provides me with job security but from an engineering perspective you all have lost touch how your products are used in the world (design specs/ needs analysis). You all are like a disappointing stranger. I just want you to help hold the door open while I carry the heavy box through the door. By either holding the door open, or prop it open but you just let it go and the door closes in my face before ever accomplishing such a simple task.  

 

https://attack.mitre.org/techniques/T1088/

https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop

 

  • Yann_Duchateau's avatar
    Yann_Duchateau
    Copper Contributor

    idk1613you are jealous because you do not know how to be permanently an Admin with Permanent privileges on a Windows Remote Desktop Session. Simple : you add a group in the Active Directory with Full Security Priviledges, and you add this Group Locally on the concerned to the Remote Desktop Users, and The Local administrators list. And you remotely connect with a user Member of this group. Or Like Microsoft you implement a Local SuperUser (Administrator) Account when installing the Computer.

    • idk1613's avatar
      idk1613
      Brass Contributor

      Yann_Duchateau 

       

      I am talking about remote assistance not remote desktop. I think you misunderstand the problem. The issue is why a security group cannot be set (like they allow this on unix machines) to be allowed to remotely assist clients or vendors on a shared screen through the secure desktop prompt in an enterprise environment. Why do I have to take on more risk to be able to effectively resolve issues for clients. Why do I have to pay for a service. Allow this through quick assist or another app that has mfa in front of it. I think it is terrible customer service model to create a product but not offer the resources or access to IT admins to do their job. 

      • Reza_Ameri-Archived's avatar
        Reza_Ameri-Archived
        Bronze Contributor

        idk1613 as you mentioned Quick Assist should work , but you will need some improvement, so please open Feedback Hub and share feedback on how to improve it.

        Support for Windows 7 and earlier version of Windows already ended and if you use Windows 8 and Windows 10, you will have Quick Assist and in general Remote Assistance is not general.

Resources