
ConnectWise

Control Windows UAC dialogs

Introduction

This article discusses ScreenConnect™ and its handling of Windows User Account Control (UAC). Hosts in support sessions may find that they have no control of a remote machine whose guest is not an administrator. This article will also explain how to "elevate" a support session to control UAC dialogs.

About Windows UAC

Microsoft incorporated UAC in its operating systems to balance Windows security and flexibility. Windows UAC allows a user account to "elevate" its permissions to run a specific program, granting itself more privileges without having to log out and log back into Windows as an administrator. For example, if a user is asked if a particular program should run, the user will be elevated if he or she selects "yes" from the UAC prompt. This way, unless the user explicitly grants them permission, certain programs cannot wreak havoc on a system. In addition, the user cannot modify vital system files unless they have elevated permissions. More on the mechanics of UAC can be found at Wikipedia.

If the guest is an administrator

If the guest is an administrator, the host should be able to control all UAC prompts and elevated management consoles until the support session ends.

If the guest is not an administrator

In order to control a non-administrator's machine and view UAC dialogs, a host will need to elevate the session into "service mode." 

Note: This applies only to support sessions, as access sessions are already elevated into service mode due to the installed agent. 

There are two places to view notifications that a session can be elevated: at the top of the host client or in the Status menu.

Elevate a support session into service mode

By using the Send Ctrl+Alt+Del command, hosts can elevate themselves into service mode and control a guest's machine. 

To elevate a session into service mode as a host:

1. Open the Essentials menu and select Send Ctrl+Alt+Del

In the host client, open the Essentials menu and click Send Ctrl+Alt+Del.

2. Enter administrator credentials

Enter local machine or domain administrator credentials and click OK.


Note: If you are a user connected to a Microsoft Entra ID domain, enter your credentials in the form azuread\jdoe@jdoe.com. If needed, open a command prompt and enter the command whoami to find your Entra ID credentials.

 

3. Wait to reconnect to the session

A Windows prompt on the guest's side will appear, and the guest will then need to click Yes to elevate the session into service mode. You will temporarily disconnect from the session until the guest has clicked Yes.

 

What's next

Once the host has elevated a support session, ScreenConnect runs as a service and allows the host to control all UAC prompts. After the session has ended, ScreenConnect will exit service mode, and the elevation levels of both the guest and host will return to their original states before the session.