SOLVED

UAC during OOBE (after switching from Admin to Standard user in Windows Autopilot)


We switched settings in Windows Autopilot to make the user a standard user instead of an admin. Now, during OOBE I am asked multiple times to execute a PowerShell script as an admin.

 


 

What causes this behavior and how can it be prevented?


@Kiril 

 

Not 100 percent sure how you deploy your script, but do you have the option "Run this script using the logged on credentials" set to 'yes'? This might cause this behaviour.

 

 


 

Thank you. There are no scripts being deployed or executed by Intune. Must be caused by something else.
We can't see the name of the script, but is this something related to an application you are deploying in your ESP?
The script name is a GUID, there is no actual information about any application. How could I debug this behavior?

@Kiril 

 

When in ESP, go to PowerShell (use Shift+F10 to open cmd and open PowerShell by typing 'Powershell'). Set the execution policy to bypass ('set-executionpolicy bypass'). You can download/install the Autopilotdiagnostic script (see here). I mostly use the community version because it has more features.

 

Install the script with the following line:  'Install-Script -Name Get-AutopilotDiagnosticsCommunity'

 

I forgot if the community version includes the online option by default, but to get the translation from GUID to name you need the online option. So try running the script with the following line: 'Get-AutopilotDiagnosticsCommunity -online'

If you aren't deploying PowerShell scripts or proactive remediations to your devices, it could be a custom-made win32app that is being targeted at the user and not running in system context.
So I would start digging into the Intune Management Extension to find out what is being executed just before you get that prompt.
Looking through the logs, the name of the script being executed contains a userId and policyId (userId_policyId.ps1).

How can I find out which policy is triggering this by policyId?
best response confirmed by Kiril (Steel Contributor)
Solution
It must be an app or PowerShell script, so if you are noticing that policy being mentioned in the IME, there must be an app being downloaded/executed just before. Use CMTrace to look at the IME log.
Got it, it was a PowerShell Script. I didn't see it the first time I checked, because of the tab in Scripts and Remediations... Thank you all for pointing me in the right direction.
Feel free to mark a reply as your answer :p
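
One way to pull the `userId_policyId.ps1` names discussed above out of the IME log, as an added example that is not part of the original thread. The log path is the default Intune Management Extension location (an assumption; adjust it if the logs were copied elsewhere), `Get-ImeScriptReference` is a hypothetical helper name, and the sample lines are constructed so the snippet also runs on a machine without the log.

```powershell
# Default IME log location (assumption: logs have not been moved or rotated away).
$LogPath = Join-Path $env:ProgramData 'Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log'

# Constructed CMTrace-style sample lines, used only when the real log is absent.
$Sample = @(
    '<![LOG[constructed: preparing 11111111-2222-3333-4444-555555555555_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee.ps1]LOG]!><time="10:15:01.0000000" date="5-21-2024" component="IntuneManagementExtension" context="" type="1" thread="7" file="">'
    '<![LOG[constructed: unrelated line without a script name]LOG]!><time="10:15:02.0000000" date="5-21-2024" component="IntuneManagementExtension" context="" type="1" thread="7" file="">'
    '<![LOG[constructed: launching 11111111-2222-3333-4444-555555555555_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee.ps1]LOG]!><time="10:15:09.0000000" date="5-21-2024" component="IntuneManagementExtension" context="" type="1" thread="7" file="">'
)

function Get-ImeScriptReference {
    # Returns one object per userId_policyId.ps1 occurrence in the given log lines.
    param([string[]]$Line)

    $guid    = '[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    $pattern = "(?<user>$guid)_(?<policy>$guid)\.ps1"

    foreach ($l in $Line) {
        foreach ($m in [regex]::Matches($l, $pattern)) {
            # CMTrace lines carry time="..." date="..." attributes; keep them if present.
            $when = if ($l -match 'time="(?<t>[^"]+)" date="(?<d>[^"]+)"') {
                "$($Matches.d) $($Matches.t)"
            } else { '' }

            [pscustomobject]@{
                When     = $when
                UserId   = $m.Groups['user'].Value
                PolicyId = $m.Groups['policy'].Value
            }
        }
    }
}

$lines = if (Test-Path $LogPath) { Get-Content $LogPath } else { $Sample }

# One row per policyId: how often it appears and when it first shows up.
Get-ImeScriptReference -Line $lines |
    Group-Object PolicyId |
    Select-Object @{ n = 'PolicyId';  e = { $_.Name } },
                  Count,
                  @{ n = 'FirstSeen'; e = { $_.Group[0].When } }
```

Compare the `FirstSeen` time with the moment the UAC prompt appeared; the matching policyId is the one to look up among the PowerShell scripts under Scripts and Remediations.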