IperiusĀ® Remote

Tutorials

Ā« All Tutorials


Request elevated administrator rights remotely with Iperius




Iperius Remote is a complete and efficient remote desktop and remote control software, fully compatible with UAC and with the possibility of self-elevation to administrative privileges, even when the remote support session has been started with a standard user account .

The most typical case is that of a network administrator who must connect to the PC of an employee, who obviously does not have administrative privileges on his machine. The user can still start Iperius Remote and allow the administrator to connect.

However, if the administrator needs to perform operations that require higher privileges, he can only do so by restarting Iperius on the remote computer using his administrator credentials. This operation can be done automatically and remotely, i.e. the administrator can do it while connected, to request that the remote desktop session restart with administrator rights.

In the following image we see the button to press (on the main window, bottom right corner) and the simplicity of this operation:

By pressing the button, Windows will ask for the credentials with a typical window:

If there is a domain, remember to specify it before the username, in this form:

DOMAIN\Administrator

After entering the credentials and clicking ok, if the credentials are correct, Iperius will restart on the remote computer with administrative privileges (in some cases it may be necessary for the remote user to click on the UAC confirmation window).

There will be a brief disconnection, but Iperius will immediately attempt automatic reconnection. If this does not happen, you can still reconnect manually. Once the connection is re-established, the administrator will have all rights to act on the remote computer.

 

Learn more about administrative privileges and User Account Control (UAC):

Windows User Account Control (UAC) is a security mechanism that prevents non-administrator users from making critical system changes without administrator approval. With Iperius Remote, access to specific system applications is only possible when Iperius Remote is run with elevated privileges. These applications include the Task Manager, antivirus software and system configurations.

More info: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode

If the user connected via Iperius Remote does not have permission to see or interact with the UAC prompt, the screen usually goes black or blocked and the mouse pointer cannot be used. However, the functionality returns to normal as soon as the remote user of Iperius Remote accepts or denies the UAC requests on the relative dialog box.

Note: Elevating the Iperius Remote session does not transform the Windows session from a normal user to an administrator user. Each UAC operation will still require administrator credentials. To avoid UAC prompts with prompts for credentials, it is recommended that you log on to Windows as an administrator on the remote device.

Behavior with Iperius Remote when the user is an administrator:

When Iperius Remote, and consequently, the Iperius Remote service (for unattended mode), is run on the remote device by an administrator user, it can interact with any software that requires administrative privileges and UAC elevation requests, since the software is able to start automatically with the SYSTEM user (Localsystem account), which has the highest privilege level in the system. Of course, during startup by an admin user, the software will show a UAC confirmation message.

Behavior with Iperius Remote when the user is NOT an administrator:

When Iperius Remote is run manually by a standard user (non-administrator) on the remote device, by default, Iperius Remote will not be able to interact with specific administrative software and UAC requests. During manual launch by the user, Iperius Remote does not ask to elevate itself and does not show UAC confirmation messages. It simply starts with limited privileges, but can still receive remote connections .

When the operator is connected via remote desktop to the machine where Iperius has been started as a standard user, if a UAC request appears on the remote device (because you are trying to do an operation that requires elevated privileges, such as installing a program) , Windows locks the screen and notifies the user with a UAC prompt. Also, the mouse cursor is inoperable and indicates that the logged in user does not have the ability to control remote input.

If the operator connected in remote desktop wants to be able to interact with the UAC windows and avoid blockages, he can use the button to request elevated rights by specifying his administrator credentials.




Per qualsiasi domanda o dubbio in merito a questo tutorial, Contattaci