UAC prompt is blocked when I use Quick Assist

Question

Hi all,
I have the following trouble when I use Quick Assist tool of Windows 10:
all users inside company are "Standard User" and they can not run any software as Administrator.

Sometimes these users ask me remote support, so we use Quick Assist App.

My issue is that very often I need to insert Administrator account to execute operation,
but I can not see screen that permit me to type administrator account and password.

How can I solve it?
I must avoid this problem otherwhise I can not support users remotelly!

It is fine for me that I can see UAC prompt and I can type admin user and password to assist employees.

All PC has got Windows 10 2004 or Windows 10 20H2 inside company.

Thanks so much
Federico

Answer 1

Hi Federico,
As far as I understand it, at the moment if you use Quick Assist , when you connect to a remote users laptop/PC and try to do anything that requires an administrator elevation, the screen is just blanked out.
In the GPO editor, go to Security Settings > Local Policies > Security Options > User Account Control: Switch to the secure desktop when prompting for elevation to Disabled
Hope this helps and please help to accept as Answer if the response is useful.
Best Regards,
Carl

Answer 2

Dear all,

1) Has anyone any security concerns re long term disabling of the UAC setting mentioned above?
2) My manager has found this:

https://superuser.com/questions/227860/how-to-toggling-uac-on-off-quickly-eg-using-command-line-in-windows-7

• We are on Windows 10 so will give it a try to see if that Windows 7 solution works on Windows 10
• I am interested to know how anyone else gets on trying that

Regards,
Steve

Answer 3

Hello All,

Here are the answers if anyone has security questions regarding disable and enable of "User Account Control: Switch to the secure desktop when prompting for elevation":

Security considerations

This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.

Vulnerability

Elevation prompt dialog boxes can be spoofed, causing users to disclose their passwords to malicious software. Mouse cursors can be spoofed by hiding the real cursor and replacing it with an offset so the cursor is actually pointing to the Allow button.

Countermeasure

Enable the User Account Control: Switch to the secure desktop when prompting for elevation setting. The secure desktop helps protect against input and output spoofing by presenting the credentials dialog box in a protected section of memory that is accessible only by trusted system processes.

https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation

Hope this helps.

Brandon

Answer 4

There seems to be an issue with the new QA and UAC. It blocks access even with the policy set in MS InTune. Any advice?

Answer 5

Has anyone gotten this resolved. I have tried doing a runas to open a command windo with admin but once that window opens I cannot type at all the in windows. If the UAC prompt comes up, the screen is not blanked and I can see the window but cannot type the username or password in.