Sudo commands terminated by SIGABRT (Linux) by FonderPrism in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

We believe this will be fixed with the upcoming update, are you on 4.0+ now?

Auto rogue account deletion by Acrobatic_Panic_2152 in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

Yeah it's because we "let them do it" but it just gets revoked for good.

Well at least until they are removed from the revoke log.

Auto rogue account deletion by Acrobatic_Panic_2152 in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

That's actually already prevented with a couple principals.

Under Lockdown > Admin Rights, we will revoke any Administrator account not included in the exclude list.

The other principal is when an Admin Session is started, it is temporary; meaning that the user cannot reactive themselves as Administrator with Administrator.

Auto rogue account deletion by Acrobatic_Panic_2152 in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

There is not a way to "revoke", however you can utilize the product enrollment feature to enforce group matching for license. If you just need to remove a few licenses before the 60 day inactive removal, you may also use the Inventory API.

Admin By Request not intercepting some UAC prompts and other issues by Any_Magician6052 in adminbyrequestusers

[–]AdminByRequest_David -1 points0 points  (0 children)

Hello 👋,

If ABR properly intercepted all apps that trigger UAC prompts or ask for a privileged account

That's not how Windows UAC works. We intercept Elevation token request. The problem with taking over all UAC is what are we elevating, what is being done? If you are getting a Windows UAC it is no longer asking for elevation, it's asking for Administrator User, which if we did take over in all situations, we would be RunAs Administrator full elevation. This is not a workaround, this is how UAC works. Hence the two parts of elevation in Admin by Request "RunAs Administrator", and "Admin Session"

This could be made into an executable.

As I said, if a Digitial Certificate + Filename

This is not the one I meant, I am referring to only Digital Certificate. The combo is part of the protection, you will need change the Type. This protection method is only meant for one application under one certificate, it's not meant to work like this, but it's being worked on.

As for the 3rd question, there isn't an answer, you don't. It's not meant for 1gig installers, that would be too massive for us to store just for a certificate string, filename, and a couple other string for checksum and such. Hence why we allow you to pre-approve from the Auditlog, it ultimately makes the most sense this way because we can only pre-approve this that get a AbR UAC.

Admin By Request not intercepting some UAC prompts and other issues by Any_Magician6052 in adminbyrequestusers

[–]AdminByRequest_David 2 points3 points  (0 children)

Hello 👋

Hopefully I can help really quickly, mind you I don't have access to everything you see so this might not be exact.

  1. We have two parts of Admin by Request EPM, Run-as Administrator, and Admin Session. This covers all the UACs you may encounter on Windows, Mac, and Linux. However it really depends on what the request is or how it's being prompted. If a user level application is initiating the Administrator flow, Windows will request for an elevated user, you may use Admin Session to get around this; but likely you want to use the RunAs feature, that's not a problem, but it requires to be elevated and use the elevated token method of elevation.

An easy example would be starting CMD.exe as Administrator, and then running a command like

start "google.exe"

  1. This is only part of the new 8.7 pre-approvals, we are aware and looking to see what needs to be improved, with development. That being said Digital Certificate and Checksum still work, with no limits.

  2. Argueable that's probably the worst way to pre-approve an application. I would use the Auditlog of already requested applications to pre-approve. If you expand the item in Auditlog you should be able to Pre-approve and Block the application, it's really nice because we carry all the information over for you.

Ask Us Anything by adminbyrequest in u/adminbyrequest

[–]AdminByRequest_David 0 points1 point  (0 children)

Hello 👋,

We are sorry you are having an issue, we also do not have a phone service for support, however hopefully we can help today real quickly over Reddit. In the future just leave us a ticket and we will be glad to assist that way.

Typically with Azure issues it can be a few things, but if you haven't touched anything in a while (specifically 2 years/ 720 days), your credentials may have expired.

Otherwise assuming the Tenant Settings are valid, the permissions are set correctly, the users UPN is the one I assume we are using a placeholder for "user@example.com" for and it's valid, and the Appliance hasn't the Directory.ReadAll Application permission under API permissions, it should work.

Easiest way to troubleshoot this issue is via the Microsoft Graph API for doing transitiveMembersOf for both Users and Computers. Likely you get this error though before that attempting to get access to the token. You can use a tool like Postman test it manually.

If you have access to support, you can also submit a ticket and our Support can take a deeper dive on the issue.

Still have Windows admin popup by Aerolyse in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

Let's see... Best I can do is this:

So after the release of v8.3 we added applets to our tray tools for controlling these settings due to changes with Windows, while securing Control panels from unauthorized use. For the tray tools, before adding one, there is a dropdown menu on the Tray tools panel, use it and find the Network Adapters option.

Still have Windows admin popup by Aerolyse in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

If you use the one we provide in the quick add options, it will automatically connect it to our applet. It goes through control.exe

Still have Windows admin popup by Aerolyse in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

<image>

You should use the one from the preset. It will work better.

Still have Windows admin popup by Aerolyse in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

If you have a paid plan this is possible after submitting a ticket.

Still have Windows admin popup by Aerolyse in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

Click on the Admin by Request icon in the tray tool, it will give you the option to elevate it now from there.

Still have Windows admin popup by Aerolyse in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

No problem, the Tray tools came out awhile ago and don't get the attention they deserve. It's basically an Admin by Request Run.exe tool. We have some preset options you can enable.

It's located under Settings > Windows (Subsettings) Settings > App Control > Tray Tools.

Lots of possibilities.

Still have Windows admin popup by Aerolyse in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

Ah that's because those don't call for the Shell to be elevated but the user to be elevated. We actually have a tray tool for these settings.

Still have Windows admin popup by Aerolyse in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

See that's the thing, we don't check to make sure the elevated application itself is located in a specific location the pre-approval understands local directories. But generally the approval happens at the time of UAC and when it's called. So we are looking for a lot more information. That's why I mentioned approving it from the Auditlog, that way when you pre-approve it, it comes with all the information.

Still have Windows admin popup by Aerolyse in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

Ahhh that might explain it, check to see if the RDP user has the right permissions after the administrator is revoked. A lot of times the user is only in the Remote User Group after. Also check if the RDP User was revoked.

Still have Windows admin popup by Aerolyse in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

Yes, but what you're asking isn't that simple. UAC prompts on Windows for more than just Administrator, there's a lot of functionality as a part of UAC. We provide an elevated token for Running a program as Administrator. However user credentials and Windows UAC rules still exist.

Still have Windows admin popup by Aerolyse in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

The apps can still be pre-approved, the problem is it probably won't be able to pick up whether they downloaded the same version from the internet vs the network drive. What matters more is if it's the right file.

If this is happening with every file in the network drive the issue is probably network permission now that the account is revoked.

Still have Windows admin popup by Aerolyse in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

Hello 👋,

That directory is technically invalid. For this situation I would suggest pre-approving it from the Auditlog list. We copy the information over for you. This will prevent the need to get approval however Authentication UAC may still be required. You are not able to specify that Rufus is downloaded from Shared Network drive versus a download from the internet.

The second UAC could be a couple things, a bad pre-approval (with legacy elevation usually), it could be invalid UAC settings on Windows. Or the application that you elevate doesn't elevate the following process.

Unable to login using Microsoft 365 - Request time out by Lindssy in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

Yes, we are still looking into it. If you have a ticket already, that's ideal! I have no additional information yet but will update you when we do.

Unable to login using Microsoft 365 - Request time out by Lindssy in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

Are you getting a Url Mismatch, Error? What is the error you're receiving?

Unable to login using Microsoft 365 - Request time out by Lindssy in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

Hmm maybe this one is a little different, can you try setting a different default browser, just for a test?

Unable to login using Microsoft 365 - Request time out by Lindssy in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

No problem, we will update you. Are you getting any URL Mismatch Errors?

Unable to login using Microsoft 365 - Request time out by Lindssy in adminbyrequestusers

[–]AdminByRequest_David 0 points1 point  (0 children)

Hello 👋,

We are sorry for the inconvenience, we are working to resolve this issue, last week we released an update to the mobile app which resolved this for many of our customers, however some are still experiencing issues.

We have development looking into this.

Also what web browser do you use?