We are migrating to Beyond Trust’s “Privilege Management for Windows” which automatically elevates our SCCM packages to administrator permissions when the package executes as the logged-on user. When the package is elevated from this tool, even if we are marking it as silent in PSADT and the SCCM program flags, there is a brief <1sec PowerShell looking prompt that pops up and takes the window focus (I say “PowerShell looking” because when I look at the ProcMon trace it appears to technically be conhost.exe).
Has anybody experienced anything similar to this? This appears to specifically be related to Deploy-Application.exe being elevated by the tool. This does not happen with Beyond Trust’s older tool “PowerBroker”, which is what we used to use. This is happening with the past few versions of PSADT I’ve tested with, going back to 3.8.2
The workaround I’ve found is changing the AppDeployToolkitConfig.xml “Toolkit_RequireAdmin” option to False. This will no longer trigger a UAC prompt when executing Deploy-Application.exe, resulting in a silent execution. This leads me to believe that the UAC prompt triggered from PSADT is different, or at least is being handled differently by the auto-elevation tool than “normal” UAC prompts.
We have opened a ticket with the vendor, but I’d like to hear if anyone else has seen this. Because the default Toolkit_RequireAdmin value is True, we’d have to touch 25% of our packages. Not ideal, especially when we aren’t sure what other long term consequences there may be.