Thanks @Lu Dai-MSFT . It did eventually end up working for me after a few more times of redoing the XML for the OMA-URI "./Device/Vendor/MSFT/Policy/Config/RestrictedGroups/ConfigureGroupMembership". Not sure why but it is quite flaky.. If it occurs again in future I'll open a ticket
Can't Access Settings - Surface Hub - Operation Requires Elevation
Hi,
I've been building up some of the Surface Hubs and once built I've been able to login to Settings with my account, when prompted. However, any that I have rebuilt in this past week, I cannot access Settings with my account. Instead it says "The Requested Operations Requires Elevation".
As far as I know nothing has changed. My account and others are still in the Intune\Endpoint configuration policy which sets the Admins.
Any ideas as to why it no longer accepts my account and says "The Requested Operations Requires Elevation"?
Thanks,
Michal
5 additional answers
Sort by: Most helpful
-
Lu Dai-MSFT 28,366 Reputation points
2021-10-29T07:20:38.867+00:00 @Michal Thanks for posting in our Q&A.
From the picture, it is needed an admin permission to login to Settings. To clarify this issue, please use a local admin account to login to the device and then check if the targeted user is in the Administrators group in Computer Management > Local Users and Groups.
If there is anything update, feel free to let us know.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. -
Limitless Technology 39,446 Reputation points
2021-10-29T10:11:33.013+00:00 Hello Michal,
In this case the logical explanation is that the computers are not receiving correctly the policies for updating the Admin accounts.
I can personally recommend the next MS article as a first approach to troubleshooting Intune policy: https://learn.microsoft.com/en-us/troubleshoot/mem/intune/troubleshoot-policies-in-microsoft-intune
If you find any new information feel welcome to come back for the community to help further if needed.
--------------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--
-
Michal 101 Reputation points
2021-10-31T22:36:39.287+00:00 Thanks @Limitless Technology . So I guess it all comes down to those Policies no longer applying properly.. which would make sense why any previously built Surface Hubs allow certain admin accounts to login. However any that have been recently provisioned dont.
I'm currently trying to troubleshoot the following error, on the "ConfigureGroupMembership" setting, which happens to be the setting that contains the list of admin accounts for the Surface Hubs.
Setting: ConfigureGroupMembership [./Device/Vendor/MSFT/Policy/Config/RestrictedGroups/ConfigureGroupMembership]
Error Code: 0x87d101f4
Error Details: Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the requestAny ideas why it is failing to apply?:
-
Michal 101 Reputation points
2021-11-01T05:18:53.507+00:00 Thanks everyone for your help. As @Limitless Technology mentioned the issue was caused by the policy not applying correctly.
To resolve the error I first re-did the XML for the OMA-URI "./Device/Vendor/MSFT/Policy/Config/RestrictedGroups/ConfigureGroupMembership" to only be based off a Group, instead of individual accounts. I waited for the policy to apply and it worked!
So I tried to then add the users in individually after the group, waited for the policy to apply and it still worked!
So I'm not sure what the exact issue in the XML was, however recreating it from scratch worked!! :)
End result of XML: