Mar 23 2022 12:09 PM
MSFT Windows 10 21H2 - Computer have the following setting recommendation
Policy: User Account Control: Behavior of the elevation prompt for standard users
Setting: Automatically deny elevation requests
How do I provide support if I need to install software that requires Run as Administrator permissions? Will I need to switch user to the Administrator, and install the software?
Mar 23 2022 02:25 PM
Mar 23 2022 11:49 PM
Mar 25 2022 03:05 PM
Mar 25 2022 03:38 PM
Mar 28 2022 02:04 AM
Mar 28 2022 02:38 PM
Mar 28 2022 09:06 PM
Mar 29 2022 08:34 AM
Mar 31 2022 01:12 AM
If I have understood it correctly, to conclude;
This is a important setting to follow in regards to security, because it is possible to hijack a elevated process.
A management solution is required to manage the clients. The management solutions must be able to install, configure, update/upgrade and uninstall operating system, drivers/firmware and software. It should also be able to evaluate configuration and correct error automatically.
If a one time fix is required and a program/process needs to be run with Administrators permissions, the user/helpdesk should switch user to the Administrator account with a LAPS password (or equivalent) and run the program/process in that session.
The following setting will make it impossible to run a program/process with Administrators permissions interactive remotely / through a remote support session. These changes MUST now be done through the management solution.
Thanks @AaronMargosis_Tanium and @rahuljindal-MVP for input.
Apr 05 2022 10:11 AM