
  1. Increase the logging level on the client machine which has the ACS agent installed to 1f. It may help to clear the log files on the client machine to expedite the search.
  2. Turn off the secure desktop.
  3. Download and run Process Explorer from Microsoft, formerly SysInternals (for information on how to use it, see the heading Use Process Explorer below). Because secure desktop is turned off, Process Explorer will run behind the UAC prompts on your screen (just drag the UAC dialog box to the side).
  4. Right-click the process and click Properties to view process details.
  5. Execute the process or program in question.
  6. Search for "has image name" in the ACS_.log files on the client machine. All the processes that ACS is detecting will be listed there.
  7. Keep track of the processes in a table if necessary, like the following:

    | Process name | PID | Parent PID | Start time | End time |
    |--------------|-----|------------|------------|----------|
    |              |     |            |            |          |
    |              |     |            |            |          |

  8. Search for "process start" in the ACS_.log files and put the PID in the table.
  9. Then search forwards and backwards for the PIDs in question and fill out the rest of the table. Note: If the process did not finish, there will be no end time. Just use the last entry time.
  10. Then evaluate the data in the table and see which process needs the Application Initiation policy or a standard Application Control policy with a Rights Action (possibly including use of the user's unrestricted token).

Use Process Explorer

To use Process Explorer, formerly from SysInternals and now from Microsoft (Process Explorer download), do the following steps:

  1. Run Process Explorer. By default it shows the hierarchy of the processes running on the computer. Apply UAC to the parent process and allow it to flow to child processes.
  2. Use Process Explorer to find out what process or process family runs a window or parts of a window. Click and drag the icon on the menu bar that looks like a target over the item that needs to be elevated.
  3. That process or its parent process would be the appropriate place to test elevating the process to verify that it is the correct process.
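
The following PowerShell is an added example, not part of the original page or of the ACS product. It lists a running process and its ancestors with the Process name, PID, Parent PID and Start time columns from the table above, so the rows built from the logs can be cross-checked against the live process tree. `Get-ProcessLineage` is a hypothetical helper name and the PID in the usage comment is a constructed sample; End time still has to come from the log search.

```powershell
# Added example: walk from one process up through its parents using the
# Win32_Process CIM class. Get-ProcessLineage is a hypothetical helper name.
function Get-ProcessLineage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [int]$Id   # PID of the process that needs elevation
    )

    # Take one snapshot of all processes, indexed by PID, so the walk is consistent.
    $byPid = @{}
    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        $byPid[[int]$p.ProcessId] = $p
    }

    $current = $byPid[$Id]
    if (-not $current) { throw "No running process with PID $Id" }

    $seen = @{}   # guards against loops (PID 0 lists itself as its parent)
    while ($current -and -not $seen.ContainsKey([int]$current.ProcessId)) {
        $seen[[int]$current.ProcessId] = $true

        # One row per process, matching the table columns in the procedure.
        [pscustomobject]@{
            ProcessName = $current.Name
            PID         = $current.ProcessId
            ParentPID   = $current.ParentProcessId
            StartTime   = $current.CreationDate
            Path        = $current.ExecutablePath
        }

        $parent = $byPid[[int]$current.ParentProcessId]

        # Windows reuses PIDs: if the recorded parent started after the child,
        # the real parent has exited and this PID now belongs to an unrelated process.
        if ($parent -and $current.CreationDate -and $parent.CreationDate -and
            $parent.CreationDate -gt $current.CreationDate) {
            $parent = $null
        }
        $current = $parent
    }
}

# Usage (4321 is a constructed sample PID; take the real one from the
# Process Explorer Properties dialog or from the "process start" log entries):
# Get-ProcessLineage -Id 4321 | Format-Table -AutoSize
```

A chain that stops early means the parent has already exited, which is the same case as a PID in the logs with no matching live process.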