Re: Can't restart as service on Intune/AAD managed Windows laptops

When an applet connects to a Technician Console, it tells if the current user at the remote machine is a restricted user, restricted admin or a full admin, and also tells if the UAC is ON. TC shows red notifications about the UAC, and credential prompts that would be needed for some actions, and registering the applet as Windows System Service, or as login after reboot.

During the service registration, due to the UAC, and the current group policies, different prompts may pop up. The UAC prompt needs:

- admin credentials for restricted users
- consent, or admin credentials for restricted admins
- no prompt for full admins

Some strict group policies do not allow a consent prompt, but require entering admin credentials every time. Rescue works best in an environment with elevation consent.

Please note that the current status of a restricted user, or a restricted admin does not change after answering such UAC prompts; only the applet as a service, or the started process will be elevated. The Applet tries to keep the current user in the same state as before the applet registered as WSS. The extra rights are needed to keep running during user sign outs, user switching, and reboots.

Re: Can't restart as service on Intune/AAD managed Windows laptops

drbankdsrichmond In some cases it is really hard to find the correct user name, user email, and domain combination to log in. I have compiled a list of which combinations are supported by Technician Console, and Applet. Please note that the text "AzureAD" is literal text for the domain name; you should enter it directly. UPN tends to be an email address in connection with Azure AD.

Cloud Only AzureAD Account

- UPN
- AzureAD\UPN
- AzureAD\USERNAME
- AzureAD\FirstNameLastName

Hybrid Account (On-Prem AD synced to AzureAD)

- UPN
- AzureAD\UPN
- AzureAD\USERNAME
- AzureAD\FirstNameLastName
- DOMAIN\Username
- MACHINENAME\Username

where UPN tends to be an email address.

Earlier TC parsed correctly only these formats:

- domain\user
- machinename\user
- user@domain

If the machine is out of the domain, and the tech wants to express that he enters the credentials as local admin, he should use the name format:

machinename\username

At the same time a local admin had to set remote access ENABLED.

If the machine is a domain machine, then domain policies have to ensure that the domain admin is domain admin for that machine, and also remotely! The credentials should be in the format:

domainname\username

Would you please give it one more try to find the right credentials?
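
The first reply above describes how the UAC prompt differs for restricted users, restricted admins and full admins depending on group policy. The following is an added example, not part of the original posts and not Rescue's own code: a PowerShell check, run on the remote machine, that reads the standard Windows UAC policy values and reports which prompt to expect. It assumes the Windows default applies when a value is not set; the helper name Resolve-Setting is hypothetical.

```powershell
# Added example: report the local UAC policy that decides which prompt appears
# when a process asks for elevation. Run on the remote Windows machine.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $key

# Meanings of ConsentPromptBehaviorAdmin (applies to restricted admins).
$adminPrompt = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (Windows default)'
}
# Meanings of ConsentPromptBehaviorUser (applies to restricted users).
$userPrompt = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials (Windows default)'
}

# Hypothetical helper: translate a policy value into readable text.
function Resolve-Setting($table, $value) {
    if ($null -eq $value) { return 'Not set (Windows default applies)' }
    if ($table.ContainsKey([int]$value)) { return $table[[int]$value] }
    return "Unrecognised value $value"
}

# True only when the current process already holds an elevated admin token.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]@{
    User               = $identity.Name
    ProcessElevated    = $elevated
    UacEnabled         = ($policy.EnableLUA -ne 0)
    AdminElevation     = Resolve-Setting $adminPrompt $policy.ConsentPromptBehaviorAdmin
    StandardUserPrompt = Resolve-Setting $userPrompt  $policy.ConsentPromptBehaviorUser
} | Format-List
```

A result of "Prompt for credentials" under AdminElevation corresponds to the strict policy case in the reply, where consent alone is not accepted and admin credentials are required every time.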