The most common issues with the Privileged Access Management product are caused by misconfigured settings or by a misunderstanding of how the product is intended to work.
1. Why am I being prompted by the UAC after starting an Administrator elevation?
2. I am using Run with AdminPrivilege to run an installer but the installation process does not work
3. I am not able to elevate due to a Next-Gen Antivirus / VectorN detection
Why am I being prompted by the UAC after starting an Administrator elevation?
BEHAVIOR: after starting an Administrator elevation, I am still being prompted by the UAC for credentials.
SOLUTION: the Privileged Access Management module elevates the currently logged-in user by making it a member of the local Administrators group on the endpoint. An elevation does not interact with or change the way the UAC works, which is why the UAC will still prompt for Administrator credentials. In the case below, the user is logged in as a standard user (TestNoAp) and, when elevated, is added to the Administrators group. Once the remaining time expires or the elevation session is revoked, the TestNoAp user is demoted to standard permissions.
So, to use the elevation, the TestNoAp user needs to enter his/her password when prompted by the UAC to be able to perform the actions as Administrator.
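To confirm this state on an endpoint, the following added PowerShell check (an illustration written for this page, not HEIMDAL code) compares the account's membership in the local Administrators group with what the current process token carries. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts module and that the user is added to the group directly, as described above.

```powershell
# Added diagnostic example; not part of the HEIMDAL product.
# Run in a normal (non-elevated) session as the user who started the elevation.
$adminSid  = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # BUILTIN\Administrators
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [System.Security.Principal.WindowsPrincipal]::new($identity)

# 1) Group state: is the account a direct member of local Administrators right now?
try {
    $members = Get-LocalGroupMember -SID $adminSid -ErrorAction Stop
    $inGroup = [bool]($members | Where-Object { $_.SID.Value -eq $identity.User.Value })
}
catch {
    # Get-LocalGroupMember can fail if the group contains unresolvable SIDs.
    Write-Warning "Could not enumerate local Administrators: $($_.Exception.Message)"
    $inGroup = $null
}

# 2) Token state: does this process carry an enabled Administrators SID?
$tokenIsAdmin = $principal.IsInRole($adminSid)

[pscustomobject]@{
    User                        = $identity.Name
    MemberOfLocalAdministrators = $inGroup
    ProcessTokenIsAdministrator = $tokenIsAdmin
}

if ($inGroup -and -not $tokenIsAdmin) {
    # Elevation session is active, but this process is not running as Administrator:
    # a UAC prompt is the expected behavior for administrative actions.
    Write-Output 'Elevation is active; expect a UAC prompt for administrative actions.'
}
elseif ($inGroup -eq $false) {
    # No active elevation, or the session has expired or been revoked.
    Write-Output 'User is not in local Administrators; no elevation session is in effect.'
}
```

A result of MemberOfLocalAdministrators = True with ProcessTokenIsAdministrator = False matches the behavior described in this section.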
I am using Run with AdminPrivilege to run an installer but the installation process does not work
BEHAVIOR: I want to run an installer using the Run with AdminPrivilege but the installation process does not work.
SOLUTION: the Run with AdminPrivilege feature is a single-file elevation that runs the file under the NT Authority\System user. Some applications can be installed under either the SYSTEM context or the USER context, while others can be installed under the USER context only, so installers or processes that need to run under a user account will not work.
Another reason why an installer starts but fails to install the application is that the installer is spawning other processes (that require Administrator permissions) but the Prevent spawning other processes feature is enabled. To solve this issue, make sure this option is disabled.
I am not able to elevate due to a Next-Gen Antivirus / VectorN detection
BEHAVIOR: I am not able to elevate due to a Next-Gen Antivirus / VectorN detection.
SOLUTION: the Privileged Access Management product can prevent a user from getting elevated if the HEIMDAL Next-Gen Antivirus or the VectorN Detection engine has found recent malicious files/events. Privileged Access Management considers the detections discovered in the past 7 days by the HEIMDAL Agent. Unfortunately, detections cannot be removed, so the recommended solution to this situation is to disable the De-elevate and block elevation for users with risk or infections option.
If none of the above helps, please reach out to the HEIMDAL Security Support Team.