All posts by jweinraub (8)

topic: Elevation fails if user is in network admin group  in the forum: SuRun English speaking
jweinraub #1
Member since Nov 2018 · 8 posts
Group memberships: Mitglieder
Show profile · Link to this post
I am glad I found it.  It works fantastic and helped me in a really tight spot.  Glad to see it still works in Windows 10.
topic: Elevation fails if user is in network admin group  in the forum: SuRun English speaking
jweinraub #2
Member since Nov 2018 · 8 posts
Group memberships: Mitglieder
Show profile · Link to this post
In reply to post ID 4110
Where is it?  Sourceforge and the main website only seems to have the version I have.
Nevermind.  But yes, it does work.  Disk Management now surun's when user is in network admin.  This is the best ideeal situation.  Whilst the explorer with the guid works, it may not for everyone that may need it so this is the best. 

Tausend dank!
This post was edited on 2018-11-16, 17:16 by jweinraub.
topic: Elevation fails if user is in network admin group  in the forum: SuRun English speaking
jweinraub #3
Member since Nov 2018 · 8 posts
Group memberships: Mitglieder
Show profile · Link to this post
In reply to post ID 4108
I am using 1.2.1.2.

The disk management works by
surun mmc.exe diskmgmt.msc
as mmc.exe needed to be elevated since dismgmt.msc is a snap-in. 
surun ncpa.cpl
works now and I added the explorer.exe with the full guid that was there.  I assume that will work for people that are using the same build of Windows 10, is that a universal thing? 

Sorry for all the confusion I am sure what we are doing isn't that common.  However, what I don't get is why I got access denied if the enduser was included into the built-in network admin group--the snapin loaded but the virtual drive manager received access denied.

For brevity and for others in a similar boat, this is my complete whitelist

[WhiteList]
0="C:\Windows\System32\ncpa.cpl"
1="C:\Windows\System32\mmc.exe diskmgmt.msc"
2="C:\Windows\explorer.exe /n, ::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}"
[WhiteListFlags]
0=3
1=3
2=3

The sunrun's I have saved as batch files for the end-users ease of access.

Thank you for your assistance
topic: Elevation fails if user is in network admin group  in the forum: SuRun English speaking
jweinraub #4
Member since Nov 2018 · 8 posts
Group memberships: Mitglieder
Show profile · Link to this post
In reply to post ID 4105
I can do what I want I am a full admin, my endusers are restricted accounts and thus only want them to access these two things.  I can add explorer.exe* with a wildcard and it works fine but I feel that can be too dangerous but that can work too?
topic: Elevation fails if user is in network admin group  in the forum: SuRun English speaking
jweinraub #5
Member since Nov 2018 · 8 posts
Group memberships: Mitglieder
Show profile · Link to this post
In reply to post ID 4103
I am admin trying to set this up for one of the teams here.
topic: Elevation fails if user is in network admin group  in the forum: SuRun English speaking
jweinraub #6
Member since Nov 2018 · 8 posts
Group memberships: Mitglieder
Show profile · Link to this post
In reply to post ID 4100
PS- We restrict only whats in the list so it provides an error if I say diskmgmt.msc as an invalid program. 
If I leave it as is and use the surun for the ncpa I get:

SuRun options restrict You (MYDOM\test) to run specified applications only.

You are not permitted to start 'C:\Windows\explorer.exe /n, ::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}' with elevated rights.

For disk management, it says mmc.exe is denied since the msc is spawning it.  We are only allowing the endusers to use very specific tools from the list.
topic: Elevation fails if user is in network admin group  in the forum: SuRun English speaking
jweinraub #7
Member since Nov 2018 · 8 posts
Group memberships: Mitglieder
Show profile · Link to this post
In reply to post ID 4099
Thanks for the reply.  For non-admin users diskmgmt.msc spawns mmc.exe, and that does the trick.  But if the end-user is in the Network Administrators group specifically, diskmgmt.msc gets access denied.  Soon as I remove them from that group it works again. 

If I use surun ncpa.cpl it spawns it as an admin process so right clicking properties on the network card even using the standard user credentials for UAC will be elevated?
topic: Elevation fails if user is in network admin group  in the forum: SuRun English speaking
jweinraub #8
Member since Nov 2018 · 8 posts
Group memberships: Mitglieder
Show profile · Link to this post
Subject: Elevation fails if user is in network admin group
I have an end-user that needs elevation to the mmc.exe diskmgmt.msc.  The user will get access denied if they are a member of the network admin group.  Is this something that can be fixed as there seems to be no subsitute.  By adding control.exe ncpa.cpl will launch the control panel but properties still requires UAC and thus no way of accessing it.  The user will need both actions for his role. Is there a better work-around/fix?

Thanks/
Close Smaller – Larger + Reply to this post:
Special characters:
Special queries
Go to forum
Not logged in. · Lost password · Register
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Page created in 54.6 ms (26.6 ms) · 89 database queries in 10 ms
Current time: 2019-07-22, 16:31:03 (UTC +02:00)