Meshcentral: UAC Prompt under RDP Disconnect
Scenario:
Computer A: Users computer (via console session) (Win 10x64 1909 tested)
Computer B: Users computer (RDP session from Computer A) (Win10x64 1909 tested)
In MeshCentral, if you connect to Computer B and select the RDP session to Remote Desktop into, if they are an unprivileged user and you require privilege elevation for a program (test in my case was opening the LAN1 network adapter to edit properties), the resulting UAC prompt disconnects the MeshCentral user from the interface and back to the login screen.
Note: I did not attempt to reconnect directly to Computer B to see if multiple sessions were available for the administrator, or if reconnecting would simply allow me to view the UAC prompt. I happened to have an agent natively on Computer A, so I just connected from there and continued working on Computer B via Computer A's already established RDP session.
ryanblenis
All 4 comments
Interesting. I did some testing, and can see what you'r seeing, however, I'm at a complete loss to figure out how to fix it...
For example, I found that if I minimize my RDP client, then I cannot scrape the RDP session, until the RDP client is visible. Once it's visible, I am able to scrape the session. Likewise, when the UAC is visible in the RDP session, I am also unable to scrape the RDP session. I tried enumerating all the sessions on the machine while the UAC prompt is visible... I can't tell if the UAC prompt is on the TSID of the RDP client, but I no longer have permission to access the graphics object, or if the UAC is done by the RDP client itself with an out-of-band (to the UI) mechanism... But in any case, when the UAC is displayed in the RDP client, I'm unable to figure out how to access that UX.
krayon007
on 9 Apr 2020
Any progress on this problem? This bug now(when all users on vpn-rdp) is critical in our environment, our tech support cant do they work, they cant do anything under admin credentials ((
hellofaduck
on 12 May 2020
This could also be related to https://github.com/Ylianst/MeshCentral/issues/1044
Don't know if this can be of help:
UAC settings when remote controlling Windows clients to prevent screen freezing
User Account Control: Switch to the secure desktop when prompting for elevation policy = Disabled
User Account Control: Allow UIAccess application to prompt for elevation without using the secure desktop policy = Enabled
More on the same:
Remote Assistance and UAC prompts
How to get access to UAC prompt when running remote desktop application?
Windows 10 – Disable UAC for Remote Assistance/Google Remote Desktop/QuickAssist
How other software handle this (from a user's point of view):
Is TeamViewer UAC compatible?
dnutan
on 12 May 2020
Oh my God, you are my lifesaver today!! This settings works! Without secure desktop UAC promt works fine without any problem. I am jumping around my desk :)
hellofaduck
on 13 May 2020
Related issues
whalehub
·
3Comments
M1CK431
·
3Comments
haxmachine
·
3Comments
penguinthingie
·
4Comments
nroach44
·
3Comments
Most helpful comment
Oh my God, you are my lifesaver today!! This settings works! Without secure desktop UAC promt works fine without any problem. I am jumping around my desk :)