Recently purchased Rescue for remote support of my Intune managed laptops. Unfortunately, it won't accept my (valid) credentials when I try to restart the applet as a system service, leaving me unable to interact with UAC prompts and rendering it effectively useless. The only configuration policy I've applied is for Device Restrictions, none of which apply to UAC or authentication. What do I need to enable to allow credentials to pass through correctly?
Edit: When the remote user is an administrator, it allows me to prompt them to run as a service and then functions as expected. This behavior only occurs when I'm trying to elevate by passing through credentials for a non-administrative user.
Did you ever find a commonality, cause, or solution for this? Seeing the same behavior across multiple devices though only very sporadically. The user is sometimes prompted to enter UAC credentials, and I've speculated it could be related to the UAC policy in secpol.msc which specifies whether to ask for credentials or consent, but that hasn't been a commonality either.
machiename\username
domainname\username
When an applet connects to a Technician Console, then it tells if the current user at the remote machine is a restricted user, restricted admin or a full admin, and also tells if the UAC is ON. TC shows red notifications about the UAC, and credential prompts that would be needed for some actions, and registering the applet as Windows System Service, or as login after reboot.
During the service registration, due to the UAC, and the current group policies, different prompts may pop up.
UAC Prompt needs
Some strict group policies do not allow consent prompt, but need to enter admin credentials every time.
Rescue works best in an environment with elevation consent.
Please note that current status of a restricted user, or a restricted admin does not change after answering such UAC prompts, only the applet as a service, or the started process will be elevated.
The Applet tries to keep the current user in the same state as before applet registered as WSS. The extra rights are needed or keep running during user sign outs, user switching, and reboots.