make quick assist run as admin
We need to be able to use Quick Assist in Windows 10 to do some administrative tasks, but if the end user initiates the Quick Assist session then the remote admin is limited to only what the end user has access to. Is there any way we can start Quick Assist as an administrator or elevate it to admin level during the Quick Assist session?
Windows & Devices
PromptOnSecureDesktop – another method of avoiding the two-minute UAC blackout. See for example:
It's for any computer: some workgroup, some domain joined, some azure AD joined. It shouldn't matter. QuickAssist should prompt the remote user to authenticate as an administrator but that prompt is hidden from the remote user and only appears to the local user.
This was a great post but I think most of the people replying missed what was being asked here, I believe the requestor is basically suggesting he/she is IT Support etc and needs to be able to support users who are currently wfh.
At the moment if you use Quick Assist or programs such as Logmein, when you connect to a remote users laptop/PC and try to do anything that requires an administrator elevation, the screen is just blanked out. I kind of understand the reasoning around this for security purposes, but at the same time, it sucks for us IT support people!
Main reason for this is, the end user doesn't/won't know the local admin password, only I do, yet it's being blanked out for me to type it in!
If anyone has come across this issue, and working in IT Support, but found a resolution, please get back to me!
This is exactly what I am suggesting. Thank you for understanding. As kieferjocopp13 explained, we need an option in the tool that allows us to run everything from the beginning as an administrator so we can easily access what is needed to support an end user and the affected system. Thank you.
So the problem as I saw it was basically the UAC prompt and how it ends up making a 2nd desktop for its prompts. you can kill this off as a GPO
Policies > Windows Settings > Security Settings > Local Policies/Security Options
And set the following :
User Account Control: Switch to the secure desktop when prompting for elevation > Disabled
Over a month later i hope you got something figured out but this worked for us with the same issue using good old "run as" and allowing UAC prompts on the desktop.
Well, my thinking is that allowing this would be a big security risk, especially assuming the machine of the end user would be infected with something (and this is why the user calls helpdesk)
This is also why e.g. Config Manager Remote Assist does not allow this an explicitly mentioned as "do not enter admin credentials in the remote session". The only supported/recommended way is changing the user log in because in this scenario it is much less likely a key logger does run.
Receive consultations via Technical Presales and Deployment Services team
Please follow the below steps.
- Open CMD
- Within CMD, launch cmd again in Admin mode by user the below command.
runas /user:domain\administrator cmd
*administrator can be replace with any admin account.
*type the admin password once its prompt.
- New CMD will be in Admin mode, just type appwiz.cpl or any command you want. It will be run under the admin mode without asking any password.
I hope it will work for you, if still any query please feel free to contact.
Hi @ravilasya18 ,
There is another way to uninstall the applications in cmd, please follow the steps as mentioned below.
- Launch CMD again in Admin mode by user the below command.
runas /user:domain\administrator cmd.exe
- Launch Windows Management Instrumentation Command line by using the below command
- Type below command to get the list of installed applications.
product get name
- Copy the full name of application (which you want to uninstall) from the list, and type below command.
product where name="XXXX" call uninstall
*Replace XXXX with application name e.g., product where name="Microsoft Search in Bing" call uninstall
*Above command will uninstall Microsoft Search in Bing
- You will get the message of confirmation, type Y to confirm.
Quick Assist is my preferred application to resolve all technical issues remotely.
It also allow me to Run as Administrator to install and configure hardware/software but there are few steps required as mentioned below:
- Run CMD at end-user's computer
- Type the below command:
runas /user:domain\administrator cmd
*domain will be any domain of your organization
*administrator can be any administrator login.
If domain is not available type the below command in cmd.
runas /user:local_user cmd
- Put the admin password.
Now you have successfully launched cmd in administrator mode, you can run the below tasks.
- x:\MicrosoftEdgeSetup.exe (for software installation, where x is any drive letter from your computer).
- appwiz.cpl for installing or uninstalling program.
- services.msc (Run or Stop a service)
- devmgmt.msc (Device Manager, to install/uninstall or upgrade the device driver)
- diskmgmt.msc (Disk Management)
- compmgmt.msc (Computer Management)
- regedit (Registry Editor)
Above mentioned are just example, you can use the number of commands as per your requirement.
We manage computers for many people and the end users sometimes do not have admin level access to those systems. When the end user needs assistance, we would like to be able to run quick assist as an admin so that when we remotely assist the end user, we will be able to enter the admin credentials. At this time, whenever UAC prompts for credentials, the screen goes blank for the remote admins. Is there a way we can remotely send those credentials over without giving them to the end user?
Will this allow me to run an installation without having UAC prompt? I noticed when I do this and type regedit the system prompts for UAC "Do you want to allow this app to make changes to your device?" When UAC prompts it blanks the screen for the remote user running Quick Assist.
Do the following steps in order to launch regedit at end-user's desktop.
- Run CMD at end-user's desktop.
- Type the below command:
runas /user:domain.local\administrator regedit.exe
if there is no domain account, use the below command
runas /user:administrator regedit.exe
- cmd will ask for the admin password, once you put the password, user will get UAC message and user has to click Yes only.