AAD joined personal host machines administrator login


Hello everyone,

 

I have the following issue:

- Users have an AVD machine assigned and are members of "Virtual Machine User Login" through group assignment.

- We have group assignments for the RBAC role "Virtual Machine Administrator Login" - but the user is not a member of any group in here.

- An administrator must support the user on the personal host machine and is a member of one of the groups assigned to "Virtual Machine Administrator Login".

- The administrator accesses the machine through TeamViewer.

- The administrator tries to open an app in admin mode and UAC comes up, but the admin cannot log in.

 

Is there anything I did not consider? Is this even possible? How can administrators support users?

 

Thanks in advance and best regards

Andreas

4 Replies
Hi, thanks for your answer. Unfortunately this only covers access for the user and not for an external administrator.
What error are they getting?

Is the UAC prompt just a black screen (i.e. the admin can't enter any credentials)? If that's the case, it is because it's a Secure Desktop - https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-ac...

@Luke Murray 

Hello,

Thanks for your response.
The UAC comes up and the admin who is connected over TeamViewer can view the UAC. But we always get the following error:

[Image: AndreasR_0-1642415277127.png]

We tried the following login schemas:

AzureAD\UPN

UPN

LocalDomain\SamAccountName

 

Always getting the same error.

 

Thanks in advance