Desktop sharing and UAC not working : normal behavior or missing feature ?
-
Wednesday, September 09, 2009 12:18 PM
Quick regarding the desktop sharing between 2 MOC R2 client.
In a Desktop Sharing sessiosn, if a user gives me control , to install an appliaction for example, UAC prompts for I see only a black screen.
Just wondering if it is a normal behavior or missing feature ?
Regards
Jean-Philippe- Moved by Matt Sousa - MSFT Wednesday, December 16, 2009 11:22 PM forum migration (From:OCS Setup & Deployment)
All Replies
-
Wednesday, September 16, 2009 4:35 AMModeratorhi
Per your description, do you mean that you just only see the background of the screen, or you cannot see anything of the desktop?
Regards! -
Wednesday, September 16, 2009 10:25 AMI cannot see anything of the desktop....it become all black.
JP -
Wednesday, September 16, 2009 3:20 PMI think you need to turn off secure desktop in Vista. Start - Run - gpedit.msc - Computer Configuration - Windows Settings - Security Settings - Local Policies - Security Options and then twoard the bottom look for Allow UIAccess applications to prompt for elevation without using the secure desktop and set this to disabled.
-
Wednesday, September 16, 2009 10:32 PMThanks for your reply SBDriver
Turning off secure desktop did not help.
In a desktop sharing session, if the user (that share his desktop) installed an app, the UAC prompt....so far so good.
The problem is that all I all is a black screen....so I cannot input my credential.
I don't have that problem during a remote assistance, but I find Communicator desktop sharing more useful.
My question is: has anybody was able to see a UAC prompt in a MOC desktop sharing?
Thanks
JP -
Thursday, September 17, 2009 3:47 AMModeratorhi
Per your description, when the UAC prompt, after you click the yes button, and the black screen turn out, so you cannot input your credental, right?
How about when you disable the UAC, please try it.
You can refer to below link:
http://blogs.msdn.com/tims/archive/2006/09/20/763275.aspx
If I misunderstand your issue, please tel me.
Regards! -
Thursday, September 17, 2009 4:17 AMHi Gavin,
"Per your description, when the UAC prompt, after you click the yes button, and the black screen turn out, so you cannot input your credental, right?"
I don't get prompted to click Yes....it is the user UAC prompt to input a Admin account.
Of course it works if I disable UAC.... :-) but I don't want to disabled UAC. It would go against our security policy.
Can anyone reproduce that behavior?
Am I the only one having the issue?
Did anyone was able to make it work?
Thanks
JP -
Thursday, September 17, 2009 4:34 AMModeratorhi
Like SBDriver said, after you diable the "Allow UIAccess applications to prompt for elevation without using the secure desktop", did you refresh the policy of your computer? Check it again, ensure that it is really disabled.
Normally, the issue caused by that.
Regards! -
Thursday, September 17, 2009 11:43 AMIt is really disabled, I am triple check.
Gpupdate /force
reboot twice..
Same behavior.
JP -
Thursday, September 17, 2009 11:56 AMIt is really disabled, I am triple check.
Gpupdate /force
reboot twice..
Same behavior.
JP -
Monday, September 21, 2009 5:02 PM The UAC prompts in Windows Vista are offered in a Secure Desktop (this can be modified to a simple window). The Secure desktop by design can not be accessed using a standard sharing session, and hence you see a blank screen.
As a recommendation, PLEASE DO NOT DISABLE UAC
You can change the policy in your local Security Policy
Please set the following to disabled
Security Setting >> Local Policies >> Security Options >> USER Account Control : Switch to secure desktop when prompting for elevation
This will bring the UAC on the users desktop and can be accessed via Desktop Sharing. This is a better option , as UAC is in place, and malicious applications do not have access to elevated privileges, until a user signs-off.
Note: The RDP 5.0 didnot support secure desktop or elevated prompts. The next version of OCS, will probably be built with RDP 6.0 and will natively support the escalation prompts, and secure desktop.
-
Monday, September 21, 2009 5:09 PMHi Sri,
I will give it another try, has I think already tested out that solution in my domain GPO and it did not work.
I will let you know.
REgards
Jp -
Thursday, September 24, 2009 11:13 AMHi again Sri,
Ok we are 1 step closer :-)
I can now see the UAC windows (Username/Password) but even if the person gives me control, I am not able to type anything in the Username /Password filed.
Any idea why?
thanks for your help
regards
JP -
Friday, October 02, 2009 2:44 PManyone?
-
Friday, October 02, 2009 5:44 PMGlad to hear that we are one step closer to the solution
I wanted to know if you were trying desktop sharing using the rich client or CWA when you see this behavior.
I will try to reproduce the same and try finding a solution in a day or so. -
Saturday, October 03, 2009 7:02 PMThanks for your reply,
I am testing with the full Communicator client.
thanks
JP -
Wednesday, October 14, 2009 9:56 AM
Hi all,
We are having exactly the same issue here - using the OC R2 rich (installed) client on both sides. We turned the secure desktop off (not the UAC, only the dimmed screen), so now the prompt is visible, but I cannot input anything in it. The server is OCS2007 (not an R2), but I suppose this is not having anything to do with this issue.
The interesting thing is that this is not a problem using Remote Assistance; but as JP said earlier, OC is much easier to use for both the parties (user and administrator).
I would appresiate any input!
Thanks,
Ivailo -
Monday, October 26, 2009 8:43 PMWe are having the same issue... hopefully there is a resolution to this...
-
Friday, November 06, 2009 2:04 AM
UPDATE:
I have open up a ticket with Microsoft Premier Support:
Bad news guys:
It is a know bug issue.
The PM group is aware of that bug and the bug it in their to do list.
I did not have a ETA on that bug fix.
I will keep this post open if I have any update. -
Friday, November 06, 2009 5:19 AMModeratorHi
Thanks for your share!
Best regards! -
Friday, December 04, 2009 6:16 PMAny movement on this by Microsoft yet?
-
Friday, December 04, 2009 11:56 PM
It is a bug, but that will be resolved in the next version of OCS.
But, we have build up a business case, and hopefully, they ill come out with a Hotfix in Q1 2010
I will keep this post update.
JP -
Wednesday, February 17, 2010 3:20 PMAny news on this? We use the MOC 2007 R2 client with the latest patches applied and it still doesn't work...we cannot control the screen once you use the "run as administrator" option.
-
Wednesday, February 17, 2010 9:49 PM
Will not be resolved in MOC 2007 R2 :-(
sorry about that..
JP -
Thursday, February 25, 2010 9:43 PMMaybe this has been mentioned already, but we did find this solution works for us...
* have the person wanting to share their desktop completely close the OCS client (make sure it is completely closed, including the systray icon)
* have the person re-lauch the OCS client, running as administrator (we had to hold down shift and right-click the icon)
* share the desktop via OCS
* have the sharing user acknowledge any UAC prompts
sometimes the user would have to re-give control after acknowleding the UAC prompt, but not always.
Not pretty, but useable for us anyway. -
Friday, February 26, 2010 2:01 AMYeah but that means the users knows the local admin password on the workstation...right?
JP -
Friday, February 26, 2010 7:37 PMIm also stuck in this same boat. My engineers use communicator to remote in and fix issues and cannot get past this UAC issue. I have done as described above and like the others, i can now see the UAC interface but am unable to actually type anything into it. Im using OCS R2 and still no luck.
Any word on this patch?
MD -
Thursday, April 29, 2010 8:06 AM
Any news on the hotfix?
This is really getting the better of my temper at the moment :)//Erik
-
Tuesday, May 18, 2010 9:41 PMBUMP
-
Wednesday, May 19, 2010 10:20 AM
This bug will not be fixed in the R2 version.
No hot fix will be made available.
-
Friday, May 21, 2010 4:20 PM
Is there somone from Microsoft that can comment on this? Not being able to confirm the UAC prompts really causes problems when assisting people.
Kveðja,
Nóri
-
Saturday, May 22, 2010 3:48 PM
I have already open a case, and did some escalation.
I own a Microsoft Partner company and I am also Virtual TS for Microsoft on OCS.
I went has up to the product group.
And unfortunately, they will not resolve the issue.
The issue itself is not an OCS problem, but more the UAC functionnality in Vista/Win7
JP
-
Monday, May 24, 2010 5:11 PMIs there any microsoft product that will allow a helpdesk tech to remotely connect to a workstation and interact with UAC prompts? Or has MS just given all of us the shaft? Are we being forced to go 3rd party on a basic function like this?
-
Tuesday, June 22, 2010 6:45 PMWindows Remote Assistance. It will require you to make a few group policy changes, however it works great in our environment.
-
Sunday, October 24, 2010 12:49 AMWhat changes in GPO do you have to make to get Windows Remote Assistance to work with UAC prompts where the helper provides the admin passwords for the end user?
-
Thursday, March 03, 2011 3:06 PMAny Update on this. I'm able to assist user through OCS untile the UAC prompt appears...Ok when they are sitting in front of their computer, but if they happened to walk away for a moment, just left here waiting. We are using OCS 2007 R2 and Windows 7.
-
Monday, July 04, 2011 8:28 AMAs a solution: Please make sure the Terminal service is started, as is required for application sharing
- Proposed As Answer by Helloakash Monday, July 04, 2011 8:28 AM
- Unproposed As Answer by JP BretonMVP Monday, July 04, 2011 12:16 PM
-
Monday, July 04, 2011 12:16 PM
This is a Windows UAC issue behavior..
It has nothing to do with Terminal Service.
Jean-Philippe Breton | Senior Microsoft Consultant | MCTS, MCITP, MCT, MVP -
Wednesday, August 24, 2011 4:06 PMHi JP:
Any news or solutions to this issue? I encountered the same issue as you with OC - I can use remote assistance but would rather use MS Lync. -
Thursday, February 09, 2012 7:54 PM
Hi,
I don't think there is any patch/hot fix released on this problem as of yet. Still an on going problem and alternates are Remote assistance or RDP.
-
Thursday, March 22, 2012 4:55 PM
Hi again Sri,
This is as far as we have gotten as well. Any further help on this?
Ok we are 1 step closer :-)
I can now see the UAC windows (Username/Password) but even if the person gives me control, I am not able to type anything in the Username /Password filed.
Any idea why?
thanks for your help
regards
JP -
Thursday, March 22, 2012 4:59 PM
Hi JP:
Are you saying with remote assistance, that you can enter your admin credentials? The talk here is that you can disable Secure Screen and SEE the credential prompt, but you can't type into it.
Any news or solutions to this issue? I encountered the same issue as you with OC - I can use remote assistance but would rather use MS Lync. -
Thursday, March 22, 2012 9:40 PM
Windows Remote Assistance does fully support the UAC / Secure Screen , and the ability to enter Admin Credential during Remote Assistance session.
If you really want to use Lync , and be able to install application to your users workstation during a Desktop Sharing session, the Secure Screen will need to be disable with GPO.
If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks.
Jean-Philippe Breton | Senior Microsoft Consultant | MCTS, MCITP, MCT, Lync MVP -
Thursday, April 05, 2012 11:24 AMCan you please post OS details?
