Tech Community Live: Microsoft Intune
Oct 01 2024, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community

Endpoint Privilege Management and Windows Terminal

Copper Contributor

Anyone had issues with using Windows Terminal or the Preview once Endpoint Privilege Management has been enabled? I've got a test rule base at the moment that just does powershell and notepad but now I'm getting blocked by EPM when I'm running Terminal. Our default rule is deny but I wasn't an admin before I enabled EPM and could run Terminal just fine then.

8 Replies
This looks to have been conflicting settings between the powershell rule and the Windows Terminal rule (which was launching powershell as a default first window).

@S_Rowell And what if you add the terminal to EPM?

That's what I'm looking at now. There seems to be a bunch of weird behaviour when EPM is in the mix. For a start there are multiple processes involved with Windows Terminal (WindowsTerminal.exe, OpenTerminal.exe, conhost.exe, wt.exe) so working out what each thing needs is interesting.

I've removed the powershell rule I had and replaced it with a rule for cmd.exe (just to prove it works now). That seems to be fine, although now I'm getting random cmd processes spawned when I'm not interacting with it or anything else for that matter. I'm going to look at EDR data for my device and see if this is related or just something else I have to find time to look at.

@S_Rowell, did you ever get this to work? 

Not that worked completely. I've stuck it on the back burner until I have some real time to investigate it.

@S_Rowell 

Did you have any time to look into this further? 

I'm just starting down this road 🙂

a little bit but not so I have a complete solution. The processes noted above are part of the terminal 'shell' but there are then different processes for old school Windows CMD, Windows Powershell, Powershell 7, WSL and Azure Cloud Shell. I've not got all these working yet. I just wish MS would provide templates for common apps so I don't have to track this stuff or update certs when Windows components change signing certificate.

@S_Rowell 

Thank you for responding, I agree with you on the templates totally.

It's causing me a load of issues here, If I find any solutions I'll post.

 

Cheers