Is there a possibility of adding a Credential prompting feature in the right click tools. With our security posture when I attempt to launch some of the options for the RCT (free), such as connect to regedit or admin share, I get an invalid credential logon. it appears that its launching it as the logged on user instead of the elevated credentials that the application is running under.
The strange thing is this only happens on some of the tools and not all. Any idea as to why?
I’ve started working on this in the next version for some of the remote filesystem tools. I hadn’t thought of the regedit prompt, I’ll look into adding it.
The prompt is inconsistent for a couple of reasons. We don’t have any code to prompt for credentials, we’re just relying on the default behavior of explorer.exe. It turns out, when you try to access a subfolder of a share that you don’t have permission to, it will not prompt for credentials, while if you access the share directly it will. For this reason, when we launch \computer\c$\windows\ccm\logs as a user that does not have admin permissions on the remote machine, the tools will failed with the invalid credentials message. If we tried to connect to \computername\c$ instead, we would be prompted for credentials. Once we’re prompted for credentials the first time, explorer caches this information and subsequent attempts to access \computername\c$\windows\ccm\logs should succeed until you log out of your machine. One workaround to this is to store credentials to access the machine in the Windows Credential Manager store - this is one of the features I’m working on adding in the next version. If we detect insufficient permissions, we will pop a login dialog, store the result in Credential Manager, and then launch explorer.exe.
The feature is partially there in the 2.5 release for the tools that launch explorer.exe. It will attempt to access the remote device and if it fails, it will show a prompt. Launching the explorer.exe tools will not work if you’ve run the ConfigMgr console as a different user - this is a limitation of explorer.exe that I haven’t found a way around. You can see explorer.exe start, but no window pops up and it eventually closes. I have not yet added a prompt for the Open Regedit tool, though I think using Credential Manager will work for that as well.