Closed MarkOMeara123 closed 1 year ago
pseymour
commented
3 years ago They do have admin rights. They can run an operation as administrator and use their credentials to satisfy UAC.
You can also do what you said, and have them log off. However, most people don't like that inconvenience, in my experience. It also has the side effect that they have admin rights until they log off again, which is less than ideal.
MarkOMeara123
commented
3 years ago @pseymour Thanks for the response. The test I performed was to right click cmd.exe (and Visual Studio 2019 as well, Regedit, Computer management, etc) and select 'Run as Administrator' when I have local admin rights via Make Me Admin. The tests failed (windows prevented opening the applications) . Log off and back in again, performed the test and it worked.
Upon further investigation it appears to be a Group Policy preventing non administrators from running these applications. Could it be that the Group Policy does not pick up a rights change has occured?
pseymour
commented
3 years ago That could be. When using Make Me Admin, the user does not get an Administrator token added to their account, unless you log off and on. If that token what the GPO mechanism is relying on, then it wouldn't work.
When a user adds themselves to the Local Administrator group via Make Me Admin they do not actually have admin rights until they log off then back in again (and same issue when the timeout occurs and Make Me Admin revokes the right).
Has anyone come across this issue? Any solutions?