We have an issue when we are using Remote Tools connecting to Windows 7 machines. The initial connection is fine, however if something needs to run on the local machine that requires elevated priveledges, the remote session drops and then requires remote desktop. Is there a fix for this. I have read users turn off UAC, but we do not want to do this. Please help, thanks

Currently there is no fix for this that I am aware of. You cannot use remote tools while the computer is in a locked state. When the UAC or elevation window pops up it darkens out the rest of the computer essentially locking the computer. try a computer that is locked. Doesnt work does it? you need to remote desktop in to the computer. You can only use remote tools if the user on the distant end is logged in. From my experience using vista and sccm remote tools its the same result it has to do with the RDP Stack in vista I assume in win7 its similar. this has been a downfall in sccm remote tools. look for improvements in this functionality in SCCM VNEXT. I dont understand why Microsoft would've done this it doesnt make sense why would you remote to a computer if you cannot perform administrative functions Unfortunately, in order to get better security with the new version, Microsoft switched to the Vista RDP Collab protocol. That protocol does not include the features needed to even send a ctrl alt del Remote control has long been a key feature of Microsoft Systems Management Server (SMS) and has been enhanced in Configuration Manager. Performance and security has been improved, and a the new remote tools agent is now tied in to the RDP stack included that supports the Remote Desktop Protocol (RDP) used by Remote Desktop and Remote Assistance http://www.myitforum.com/articles/42/view.asp?id=11455

That's not entirely correct. Yes they completely redesigned Remote Tools in ConfigMgr so it works completely different and yes you can only connect if the user is logged in and the session is not locked. However, UAC/elevation issues are not by design and are the result of a bug. There was a patch specifically addressing this issue for Windows Vista in ConfigMgr SP1. I have not heard or seen an update specifically addressing this issue in SP2 or Win 7. Do you have SP2 installed? If not, this patch may also be applicable to Win 7: http://support.microsoft.com/kb/956941/en-us.Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys

hi and thanks for the reply we do however already have the latest patch for Configmgr installed. It is unfortunate there is no other way around this issue other than RDP.

CSS?? Microsoft Customer Support Service (CSS)

No workaround, the user is observing the correct behavior. UAC should be turned off in these situations. Side note. ConfigMgr code should turn off UAC, but in some situations such as if the user that is operating the viewer is a low rights user and the host user has Administrator privileges then it does not turn it off on connection.

I believe that the solution is to enable the Computer group policy "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop." This will disable secure desktop while you are connected to the client workstation via remote desktop and remote assistance but still leave UAC running. We have 2007 r2 installed, i enabled this policy, verified it was enabled.. but for instance, running regedit on the remote tools, remote machine, caused it to kick out, even with this set.. So for me the issue still persists. We also are experiencing this problem - the GPO setting is in place, but the UAC prompt still pops up - and happens so often that it's actually easier to visit the users' machine, which sort of defeats the point of Remote Control in the first place. Does MS still not have a fix or solution for this? I could understand the delay if it was a third-party app... I told you the Amiga was better