Skip to main content

In PMFW , we are seeing cases where after upgrading from windows 10 to windows 11 .  the task manager when opened normally does not open instead it asks for admin privileges  and give Level 2 admin elevation prompts to access Task manager.

 

How can we fix this with help of beyondtrust.

Hey Akshay,

 

Which user account types are you seeing this behavior with? In other words, are you seeing these prompts with Standard users, Power Users, Local Administrators, etc.?

 

The reason I ask is because Taskmgr.exe is one of those applications set with the “highestAvailable” UAC manifest. This means that if you are running as a local Admin (or even as a Power User), Task Manager will require you to elevate at launch, even when elevation has not been explicitly requested by the user. Regedit behaves this way as well, I believe. From Microsoft’s docs (regarding highestAvailable):

 

The application runs at the highest permission level that it can. If the user who starts the application is a member of the Administrators group, this option is the same as level="requireAdministrator". If the highest available permission level is higher than the level of the opening process, the system prompts for credentials.

 

You can confirm if a program is running elevated a couple of different ways, for example:

  1. Add the column “UAC Virtualization” in the Details tab of Task Manager. IF a process has the entry in that column of “Not Allowed,” then it is elevated.
  2. You can also use SysInternals Proc Explorer to check the specific privileges of a process (looking for more powerful privs like “SeSecurityPrivilege”).

 

For more information on application manifests: Application manifests - Win32 apps | Microsoft Learn

Hi Neil , i checked all the users which are facing this are normal users over their workstations. 

Only task manager and event viewer when opened normally goes rogue and tries to launch with admin privileges.

 

 PS:. Issue is not solved  just marked Neil answer to be best answer and it got resolved. Will take next time.

Hi Akshay,

 

Seems there should be a policy which is hitting for those users who are getting the elevation, Check if you have enabled events and if you can go through the event you can narrow the issue and fix by changing the app rule.

regards

Naveen

This is a random issue , not every single user is facing this issue. Some set of users is facing this issue and as per checking over policy every user are part of same policy so no different rule which can cause elevation are there.

Reply


Badge Earners

  • BCIE: Privileged Remote Access
    Bruceyhas earned the badge BCIE: Privileged Remote Access
  • BCIE: Remote Support
    Bruceyhas earned the badge BCIE: Remote Support
  • BCA: Privileged Remote Access
    linehas earned the badge BCA: Privileged Remote Access
  • BCA: Password Safe
    linehas earned the badge BCA: Password Safe
  • BCA: Password Safe
    MedBouhas earned the badge BCA: Password Safe
Show all badges
Terms & ConditionsCookie settings