Hero Banner

Modern Workplace Discussions

Discuss best practices related to Security, Teamwork and Unified Endpoint Management (Microsoft 365).

Reply
JoeRainero
Level 4 Contributor

make quick assist run as admin

We need to be able to use Quick Assist in Windows 10 to do some administrative tasks, but if the end user initiates the Quick Assist session then the remote admin is limited to only what the end user has access to.  Is there any way we can start Quick Assist as an administrator or elevate it to admin level during the Quick Assist session?

27 REPLIES 27
JoeRainero
Level 4 Contributor

Hello Anik,

 

Will this allow me to run an installation without having UAC prompt?  I noticed when I do this and type regedit the system prompts for UAC "Do you want to allow this app to make changes to your device?"  When UAC prompts it blanks the screen for the remote user running Quick Assist.  

 

Thanks,

Joe

SalmanAhmed
Level 2 Contributor

@JoeRainero 

Do the following steps in order to launch regedit at end-user's desktop.

  1. Run CMD at end-user's desktop.
  2. Type the below command:
    runas /user:domain.local\administrator regedit.exe 
    if there is no domain account, use the below command
    runas /user:administrator regedit.exe
  3. cmd will ask for the admin password, once you put the password, user will get UAC message and user has to click Yes only.
BadrIT
Visitor 1

unfortunately, this doesn't help

Anik
Level 1 Contributor

Hello, has anyone found a way since then?

Kal451
Level 1 Contributor

So the problem as I saw it was basically the UAC prompt and how it ends up making a 2nd desktop for its prompts. you can kill this off as a GPO 


Policies > Windows Settings > Security Settings > Local Policies/Security Options 

And set the following 

User Account Control: Switch to the secure desktop when prompting for elevation > Disabled

 

JoeRainero
Level 4 Contributor

Thanks for the response.  If we already had admin access to the local system then we could edit this policy and resolve the issue as you described.  Unfortunately QuickAssist does not give us admin access to the local system and does not prompt us remotely for credentials to be passed on to the local system.  Because of this only the locally logged in user sees the UAC prompt and that user does not have the admin credentials so that user does not authenticate to allow us to do what we need to do.  By design, we will not give the end user of the local device admin credentials.  What do we do now?  I suggest that QuickAssist be rewritten to allow for a remote prompt for admin credentials so that we can remotely administer the local devices.

Kal451
Level 1 Contributor

hang on is this for a workgroup laptop or one on domain?