Capture is stopped after local user consents to UAC prompt

[deajan]

Hello,

Using meshcentral for a while to help family and friends. I noticed twice that the captured desktop stops refreshing after a local UAC prompt showed up and the local user allowed it. Last time I noticed this was with meshcentral v0.8.32, hosted on CentOS 8.3 x64, client computer was Win10 x64 1909.

Steps to reproduce: On a Windows 10 computer, run the agent as temporary agent using 'connect' button as local administrator. Once you're connected to the remote screen, run let's say cmd.exe, then right click on the cmd program icon and click run as administrator On the windows 10 computer, consent to the UAC prompt locally. Now the server does not have any remote desktop updates anymore and is stuck with the "pre UAC prompt screen". Clicking 'refresh' button does not help.

Disconnect and reconnect to the desktop solves the issue.

I do understand that the UAC prompt cannot be captured in temporary non privelege execution, but when the UAC prompt is locally accepted, it should resume the desktop capture process IMHO.

Best regards.

[EDIT] Of course using the agent as installed version does work well with UAC[/EDIT] [EDIT 2] Once the agent has been installed, after uninstallation, I cannot reproduce the problem. Willing to make tests on requests[/EDIT 2]

[Ylianst]

If the agent running in interactive mode (You run the agent and hit the "Connect" button?) or is the agent running as a background Windows service?

If running as the local user, it does not have the rights to capture the UAC screen and so, this is normal. If running as a background service with higher privileges, it should be able to capture UAC.

[deajan]

@Ylianst Please read my report again, it's stated. Agent runs in interactive mode. I get it that the UAC prompt won't be captured since it's on secure desktop, but once a local user accepted an UAC prompt, the desktop capture should resume, which it doesn't.

[Ylianst]

Oh! Got it. Sorry. Your right, it should resume capture. This is an issue for Bryan.

[deajan]

Any news for this ?

[krayon007]

The easiest workaround for this, is to run this console command, from the console tab: uac interactive

This will make it so you can see the UAC prompt. (It won't let you interact with it directly, unless the agent is running as background service. However, the screen capture will continue to work correctly.

The reason for the problem before, is that if UAC is set to secure, which is the default, and the agent is running as interactive, when the UAC prompt pops up, the screen capture process exits, and the agent tries to respawn the capture process as a different user, but becuase the agent was not running as LocalSystem, it lacks permission to do that, so the capture process is lost.

[deajan]

Related to #3167

[JSuenram]

Any update on this?

[krayon007]

The issue with this, is that normally when the secure desktop appears, the interactive agent's KVM process exits. The normal process flow, is that the parent process then spawns the child process as root.

However the interactive agent doesnt use a child process for the KVM, it does it in proc. I suspect that when doing it in proc, the secure desktop causes the thread to exit, but the parent isn't detecting this. I'll see if I can get the agent to detect this situation tomorrow. All it would need to do is respawn the tbread, which is essentially what happens when you disconnect and reconnect.

[deajan]

Issue resolved for me since at least v1.0.6x (sorry, didn't keep exact track of it).