Endpoint Privilege Management - "Run with elevated access" only required once?


Hi,


I am just evaluating EPM and I just wanted to clarify the functionality. I've deployed my settings policy and created a rule to allow a specific app to run with elevated privileges. The policy was deployed successfully to the PC. When I clicked on the test application (that requires elevated privilege permission) I got the UAC prompt, which is what I was expecting. Next I right-click the app and this time select "Run with elevated access". For info, the policy sets the application elevation type to "Automatic", so the app loads without the user having to enter a justification. I then close the app and this time just double-click it to open it, and it opens with no UAC prompt and without the need for me to click "Run with elevated access". I can see with Procmon that the application is running under the EPM account, so I believe it is working OK.


My question is: once an application has been run once with the "Run with elevated access" command, is it then approved to run all the time without the need to select the "Run with elevated access" command? It's not a massive issue as the app is authorised, but it would be good to understand if this behaviour is correct.


Thanks

It depends on how you configured the rule... did you configure the rule as automatic or user confirmed?
If you configure the rule to be automatic... it's automatic :) .. so no right-clicking and clicking run elevated

https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview#important-concepts-for-endpoint-pr...
Hi @Rudy_Ooms_MVP

Thanks for the response. Yes, the policy is set to automatic, but the question I was trying to ask (apologies if I wasn't clear) is why, on first clicking an approved privileged app, it would cause the UAC prompt to appear and require the user to use the "Run with elevated access" command, and then after that the user can just double-click the app and it will load, i.e. not having to go through the "Run with elevated access" process. I am trying to document the process for users, so I am just trying to understand if this behaviour is by design.
Which app did you configure for EPM elevation? Doing this for PowerShell doesn't give you the UAC prompt. I assume that app needs to perform some other tasks first to be able to be launched automatically. If you have the name of the app or could share some more info, I could try to see what's happening and give you the reason why that UAC is shown.

@Rudy_Ooms_MVP I am using Rufus for testing, it's an app that requires elevated permissions to run. The policy is as follows:


[screenshot of the EPM rule: emp1.jpg]

Mmm... I just added the app with the same values as you did in EPM and I can launch it without getting an additional UAC prompt. Did you perhaps configure any additional UAC settings? That could interfere with the consentpromptbehavior settings in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
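An added check, not part of this thread and not from Microsoft's EPM documentation, for reading the UAC values under that key on the affected PC and printing their documented meaning. It assumes it is run on the endpoint with rights to read HKLM; the key and the value names (ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser, EnableLUA, PromptOnSecureDesktop) are the standard Windows UAC policy values, and the defaults shown are the Windows defaults used when a value is absent:

```powershell
# Added example: report the local UAC policy values that can change whether a
# consent/credential prompt appears when an app requests elevation.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented meanings of ConsentPromptBehaviorAdmin (applies to administrators).
$adminMeaning = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (default)'
}
# Documented meanings of ConsentPromptBehaviorUser (applies to standard users,
# which is the normal case for an EPM-managed endpoint).
$userMeaning = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials (default)'
}

$props = Get-ItemProperty -Path $uacKey

function Show-UacValue {
    param(
        [Parameter(Mandatory)] [string]$Name,
        [Parameter(Mandatory)] [hashtable]$Meaning,
        [Parameter(Mandatory)] [int]$Default,
        [Parameter(Mandatory)] $Props
    )
    $value = $Props.$Name
    $note = ''
    if ($null -eq $value) {
        # Value not present in the key: Windows applies its built-in default.
        $value = $Default
        $note = ' (not set, Windows default applies)'
    }
    $text = if ($Meaning.ContainsKey([int]$value)) { $Meaning[[int]$value] } else { 'undocumented value' }
    '{0,-28} = {1} : {2}{3}' -f $Name, $value, $text, $note
}

Show-UacValue -Name 'ConsentPromptBehaviorAdmin' -Meaning $adminMeaning -Default 5 -Props $props
Show-UacValue -Name 'ConsentPromptBehaviorUser'  -Meaning $userMeaning  -Default 3 -Props $props

# Two further values that change prompt behaviour globally.
$enableLua = if ($null -eq $props.EnableLUA) { 1 } else { [int]$props.EnableLUA }
$secureDesktop = if ($null -eq $props.PromptOnSecureDesktop) { 1 } else { [int]$props.PromptOnSecureDesktop }
'{0,-28} = {1} : {2}' -f 'EnableLUA', $enableLua, $(if ($enableLua -eq 1) { 'UAC enabled (default)' } else { 'UAC disabled' })
'{0,-28} = {1} : {2}' -f 'PromptOnSecureDesktop', $secureDesktop, $(if ($secureDesktop -eq 1) { 'prompts on secure desktop (default)' } else { 'prompts on normal desktop' })
```

Any of these values being set away from the default (for example by a second Intune or GPO policy) is worth checking before assuming the EPM rule itself is at fault, because they govern what the user sees when an app requests elevation outside of EPM.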
Thanks for taking the time to test this. I've been playing around adding other apps and they are working as you describe, so I can only assume the first issue I had was a bit of a hiccup (or an issue between the seat and keyboard). Thanks for the help.