Alle Beiträge von jweinraub (8)

Thema: Elevation fails if user is in network admin group  im Forum: SuRun English speaking
jweinraub #1
Mitglied seit 11/2018 · 8 Beiträge
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
I am glad I found it.  It works fantastic and helped me in a really tight spot.  Glad to see it still works in Windows 10.
Thema: Elevation fails if user is in network admin group  im Forum: SuRun English speaking
jweinraub #2
Mitglied seit 11/2018 · 8 Beiträge
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
Antwort auf Beitrag ID 4110
Where is it?  Sourceforge and the main website only seems to have the version I have.
Nevermind.  But yes, it does work.  Disk Management now surun's when user is in network admin.  This is the best ideeal situation.  Whilst the explorer with the guid works, it may not for everyone that may need it so this is the best. 

Tausend dank!
Dieser Beitrag wurde am 16.11.2018, 18:16 von jweinraub verändert.
Thema: Elevation fails if user is in network admin group  im Forum: SuRun English speaking
jweinraub #3
Mitglied seit 11/2018 · 8 Beiträge
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
Antwort auf Beitrag ID 4108
I am using 1.2.1.2.

The disk management works by
surun mmc.exe diskmgmt.msc
as mmc.exe needed to be elevated since dismgmt.msc is a snap-in. 
surun ncpa.cpl
works now and I added the explorer.exe with the full guid that was there.  I assume that will work for people that are using the same build of Windows 10, is that a universal thing? 

Sorry for all the confusion I am sure what we are doing isn't that common.  However, what I don't get is why I got access denied if the enduser was included into the built-in network admin group--the snapin loaded but the virtual drive manager received access denied.

For brevity and for others in a similar boat, this is my complete whitelist

[WhiteList]
0="C:\Windows\System32\ncpa.cpl"
1="C:\Windows\System32\mmc.exe diskmgmt.msc"
2="C:\Windows\explorer.exe /n, ::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}"
[WhiteListFlags]
0=3
1=3
2=3

The sunrun's I have saved as batch files for the end-users ease of access.

Thank you for your assistance
Thema: Elevation fails if user is in network admin group  im Forum: SuRun English speaking
jweinraub #4
Mitglied seit 11/2018 · 8 Beiträge
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
Antwort auf Beitrag ID 4105
I can do what I want I am a full admin, my endusers are restricted accounts and thus only want them to access these two things.  I can add explorer.exe* with a wildcard and it works fine but I feel that can be too dangerous but that can work too?
Thema: Elevation fails if user is in network admin group  im Forum: SuRun English speaking
jweinraub #5
Mitglied seit 11/2018 · 8 Beiträge
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
Antwort auf Beitrag ID 4103
I am admin trying to set this up for one of the teams here.
Thema: Elevation fails if user is in network admin group  im Forum: SuRun English speaking
jweinraub #6
Mitglied seit 11/2018 · 8 Beiträge
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
Antwort auf Beitrag ID 4100
PS- We restrict only whats in the list so it provides an error if I say diskmgmt.msc as an invalid program. 
If I leave it as is and use the surun for the ncpa I get:

SuRun options restrict You (MYDOM\test) to run specified applications only.

You are not permitted to start 'C:\Windows\explorer.exe /n, ::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}' with elevated rights.

For disk management, it says mmc.exe is denied since the msc is spawning it.  We are only allowing the endusers to use very specific tools from the list.
Thema: Elevation fails if user is in network admin group  im Forum: SuRun English speaking
jweinraub #7
Mitglied seit 11/2018 · 8 Beiträge
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
Antwort auf Beitrag ID 4099
Thanks for the reply.  For non-admin users diskmgmt.msc spawns mmc.exe, and that does the trick.  But if the end-user is in the Network Administrators group specifically, diskmgmt.msc gets access denied.  Soon as I remove them from that group it works again. 

If I use surun ncpa.cpl it spawns it as an admin process so right clicking properties on the network card even using the standard user credentials for UAC will be elevated?
Thema: Elevation fails if user is in network admin group  im Forum: SuRun English speaking
jweinraub #8
Mitglied seit 11/2018 · 8 Beiträge
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
Betreff: Elevation fails if user is in network admin group
I have an end-user that needs elevation to the mmc.exe diskmgmt.msc.  The user will get access denied if they are a member of the network admin group.  Is this something that can be fixed as there seems to be no subsitute.  By adding control.exe ncpa.cpl will launch the control panel but properties still requires UAC and thus no way of accessing it.  The user will need both actions for his role. Is there a better work-around/fix?

Thanks/
Schließen Kleiner – Größer + Auf diesen Beitrag antworten:
Weitere Zeichen:
Weitere Abfragen
Gehe zu Forum
Nicht angemeldet. · Kennwort vergessen · Registrieren
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Seite erstellt in 83,6 ms (46,4 ms) · 89 Datenbankabfragen in 9,8 ms
Aktuelle Zeit: 20.03.2019, 09:03:09 (UTC +01:00)