Forum Discussion
Kiril
May 21, 2024Steel Contributor
UAC during OOBE (after switching from Admin to Standard user in Windows Autopilot)
We switched settings in Windows Autopilot to make the user a standard user instead of an admin. Now, during OOBE I am asked multiple times to execute a PowerShell script as an admin.
What causes this behavior and how to prevent?
- it must be an app or powershell script.. so if you are noticing that that policy being mentioned in the ime.. there must be an app being downloaded /executed just before.... Use cmtrace to look at the ime log ..
- SebastiaanSmitsSteel Contributor
Not 100 percent sure how you deploy your script but do you have the option "Run this script using the logged on credentials" set to 'yes'? This might cause this behaviour:
- KirilSteel ContributorThank you. There are no scripts being deployed or executed by Intune. Must be cause by something else.
- NicklasOlsenIron ContributorWe can't see the name of the script, but is this something related to a application you are deploying in your ESP?
- If you arent deploing powershell scripts or proactive remediations to your devices, it could be a custom made win32app that is being targetted at the user and not running in system context.
So i would start digging in to the intune management extension to find out what is being executed just before you get that prompt- KirilSteel ContributorLooking through the logs, the name of the script being executed contains a userId and policyId (userId_policyId.ps1).
How can I find out which policy is triggering this by policyId?- it must be an app or powershell script.. so if you are noticing that that policy being mentioned in the ime.. there must be an app being downloaded /executed just before.... Use cmtrace to look at the ime log ..