Meshcentral: Desktop mesh and elevations of rights in interacting with mstsc sessions

Created on 12 Feb 2021 · 4Comments · Source: Ylianst/MeshCentral

Hi, I wanted to report the following desktop mesh connection behavior:
1) a user, without administrative rights, takes remote control of the workstation through the rdp microsoft client (mstsc)
2) the technician, through desktop mesh, assumes remote control in parallel of the same session (Actve, RDP-Tcp # 5 .....)
3) uac has default settings
4) the technician performs a credential elevation action, for example opens a command prompt as administrator:
5) the technician desktop (mesh desktop) is disconnected and the authentication screen is proposed again
6) the user connected with mstsc displays the window with the insertion of the credentials for the elevation of rights.

Conclusion in the situation described above it seems not possible to carry out elevation of rights by a technician, keeping the user's rdp session active

Finally, I wanted to point out that if the desktop session for which remote control is assumed is the console one (i.e. when the user is physically in front of the station), the display of the elevation of credentials works correctly
As always thank you for your help and for the wonderful job done

Fixed - Confirm & Close question

Source

paolor1965

Most helpful comment

You only need to do this once... But open the console tab, and type:

uac interactive

This will switch UAC modes, allowing the scenario you describe. The default setting is securedesktop, which cannot be scraped when it's invoked from an rdp session. That's why you get kicked to the login screen. You can change back with the following console command:

uac secure