Ghost Solution Suite

 View Only

  • 1.  Privilege Elevation Challenges in Tasks

    Posted Oct 31, 2017 12:02 PM

    Is the below expected behavior?

    GSS 3.2 RU3 Run Script tasks when run as specific user, that is also a local administrator of the target machine, does not load an elevated process.

    It's easy to duplicate by running a Run Script task, as a specific user, that is local administrator, maximized, and with a 'Pause' statement. If you look at that cmd.exe session in task manager, you will see that the elevated column shows 'No'.

    When tested against a DS 6.9 SP6 installation, the process was run in an elevated session.

    So, I'm curious. Where is the bug? Within an old DS install or within the new GSS environment?

    Thanks



  • 2.  RE: Privilege Elevation Challenges in Tasks

    Posted Nov 06, 2017 12:30 PM

    Is your "local administrator" account a true local account or is it a domain account with local admin rights?

    If you are working with Windows 10 or Windows 7, have you tried the same test with UAC turned off?  Although an account may be a member of the local administrators group, it does not have Admin or Elevated rights by default, except with UAC turned off completely. With UAC enabled, the user needs to respond to the elevation request in order to run a process elevated, but you cannot do this in a script.

     



  • 3.  RE: Privilege Elevation Challenges in Tasks

    Posted Nov 07, 2017 09:18 AM

    Thanks Ed

    We opened a support case with Symantec. It has been submitted to development for review. I'll post back into this thread as it progresses.



  • 4.  RE: Privilege Elevation Challenges in Tasks

    Posted Nov 22, 2017 10:27 AM

    A pointfix is being released to correct this defect

    http://www.symantec.com/docs/TECH248197