In PMFW , we are seeing cases where after upgrading from windows 10 to windows 11 . the task manager when opened normally does not open instead it asks for admin privileges and give Level 2 admin elevation prompts to access Task manager.
How can we fix this with help of beyondtrust.
Best answer by Neil
Hey Akshay,
Which user account types are you seeing this behavior with? In other words, are you seeing these prompts with Standard users, Power Users, Local Administrators, etc.?
The reason I ask is because Taskmgr.exe is one of those applications set with the “highestAvailable” UAC manifest. This means that if you are running as a local Admin (or even as a Power User), Task Manager will require you to elevate at launch, even when elevation has not been explicitly requested by the user. Regedit behaves this way as well, I believe. From Microsoft’s docs (regarding highestAvailable):
The application runs at the highest permission level that it can. If the user who starts the application is a member of the Administrators group, this option is the same as
level="requireAdministrator". If the highest available permission level is higher than the level of the opening process, the system prompts for credentials.
You can confirm if a program is running elevated a couple of different ways, for example:
For more information on application manifests: Application manifests - Win32 apps | Microsoft Learn
Hey Akshay,
Which user account types are you seeing this behavior with? In other words, are you seeing these prompts with Standard users, Power Users, Local Administrators, etc.?
The reason I ask is because Taskmgr.exe is one of those applications set with the “highestAvailable” UAC manifest. This means that if you are running as a local Admin (or even as a Power User), Task Manager will require you to elevate at launch, even when elevation has not been explicitly requested by the user. Regedit behaves this way as well, I believe. From Microsoft’s docs (regarding highestAvailable):
The application runs at the highest permission level that it can. If the user who starts the application is a member of the Administrators group, this option is the same as
level="requireAdministrator". If the highest available permission level is higher than the level of the opening process, the system prompts for credentials.
You can confirm if a program is running elevated a couple of different ways, for example:
For more information on application manifests: Application manifests - Win32 apps | Microsoft Learn
Hi Neil , i checked all the users which are facing this are normal users over their workstations.
Only task manager and event viewer when opened normally goes rogue and tries to launch with admin privileges.
PS:. Issue is not solved just marked Neil answer to be best answer and it got resolved. Will take next time.
Hi Akshay,
Seems there should be a policy which is hitting for those users who are getting the elevation, Check if you have enabled events and if you can go through the event you can narrow the issue and fix by changing the app rule.
regards
Naveen
This is a random issue , not every single user is facing this issue. Some set of users is facing this issue and as per checking over policy every user are part of same policy so no different rule which can cause elevation are there.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
