Tech Community Live: Microsoft Intune
Mar 20 2024, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community

Endpoint Privilege Management - "Run with elevated access" only required once?

Iron Contributor

Hi,

 

I am just evaluating EPM and I just wanted to clarify the functionality.  I've deployed my settings policy and created a rule to allow a specific app to run with evaluated privileges.  The policy was deployed successfully to the PC.  When I clicked on the test application (that requires elevated privilege permission) I got the UAC prompt, which is what I was expecting.  Next I right click the app and this time select "Run with elevated access".  For info the policy sets the application evaluation type to "Automatic" so the app loads with out the user having to enter a justification. I then close the app and this time just double click it to open it and it opens no UAC prompt or with the need to me to click "Run with elevated access" .  I can see with Procmon that the application is running under the EPM account so I believe it is working OK.

 

My question is once a application has been run once with the "Run with elevated access" command is it then approved to run all the time with out the need to select the "Run with elevated access" command?  It not a massive issue as the app is authorised but it would be good to understand if this behaviour is correct.

 

Thanks

7 Replies
It depends on how you configured the rule... did you configured the rule on automatic of user confirmed?
If you configure the rule to be automatic... its automatic :) .. so not right click and clicking run elevated

https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview#important-concepts-for-endpoint-pr...
Hi @Rudy_Ooms_MVP

Thanks for the response, yes the policy is set to automatic but the question I was trying to ask, apologies if I wasn't clear, is why on first clicking of a approved privileged app it would cause the UAC prompt to appear and require the user to use the "Run with elevated access" command then after that the user can just double click the app and it will load i.e. not having to go through the "Run with elevated access" process. I am trying to document the process for users so I am just trying to understand if this behaviour is by design.
Which app did you configured for epm elevation? As doing this for powershell doesn't give you the uac prompt. I assume that app needs to perform some other tasks first to be able to be launched automatically. If you have the name of the app or could share some more info, i could try to see whats happening and give you the reason why that uac is shown

@Rudy_Ooms_MVP I am using Rufus for testing, it's an app that requires elevated permissions to run. The policy is as follows:

 

emp1.jpg

Mmm... i just added the app with the same values as you did in epm and I can launch it without getting an additional uac prompt. Did you perhaps configured any additional uac settings? that could interfere with the consentpromptbehavior settings in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Thanks for taking the time to test this. I've been playing around adding other apps and they are working as you describe so I can only assume the first issue I had was a bit of a hic-up (or a issue between the seat and keyboard). Thanks for the help.