Reset Search
 

 

Article

KB26516 - Non-admin users receive a User Access Control prompt when installing WSAM on client systems

« Go Back

Information

 
Last Modified Date8/3/2015 6:26 PM
Synopsis
This article describes the issue of non-admin users receiving a User Access Control prompt, when installing WSAM on client systems.
Problem or Goal
On user's client systems, the Juniper Installer service is present. When the user connects to the VPN for the first time, the WSAM install prompts for User Access Control. Users, who are not administrators on their client systems, cannot accept and they cannot turn off the User Access Control control on the client system.

By default, the User Access Control level will be turned on. Whenever the non-admin user tries to download the client software, the User Access Control prompt will be displayed. Each time an endpoint is authenticated and the Windows Secure Application Manager wants to run, it prompts the user to provide administrative permission. The following image illustrates the User Access Control prompt:

Cause
Solution
WSAM requires elevated permissions on client systems.

With the admin user, WSAM asks for elevated permission, as there are certain operations that require admin privileges; for example, syncing bypass list, flushing NetBIOS and DNS cache, and so on. WSAM can perform all of these operations by itself, when launched with elevated permissions via the admin-user.

To perform the same operations in non-admin, the user will have to provide admin credentials at the UAC prompt, when WSAM is launched. But, It is not desirable for a non-admin user to provide admin credentials.

So, for non-admin users, the JIS installer service, which runs under system privileges, is available to perform all of these operations on behalf of WSAM. JIS is meant for only non-admin users.

This is working as design on Windows Vista onwards. The Juniper Installer Service will only facilitate the Juniper Client components to run in a non-admin user account; but cannot help in bypassing the User Access Control prompt. Launching WSAM also requires a registry modification that will invoke the UAC prompt. UAC is prompted, as SAM makes changes in the IP stacks. Due to the nature of this operation, UAC is prompted.

This behavior is due to the security feature in Windows. You may not be able to bypass the prompt, without disabling it. To resolve this issue, you need to reduce the UAC settings to Medium or Medium-Low. Alternatively, you can exclude dsSamProxy.exe in the firewall or anti-virus program, as dsSAMProxy.exe requires elevated permissions.
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255