Administrative Privileges and Elevation (UAC): How AnyDesk Interacts with Windows Accounts and UAC Prompts

Question

Administrative Privileges and Elevation (UAC) - Gain access to administrative applications with AnyDesk. UAC protects against unauthorized system changes. See default behavior with installed or portable AnyDesk for interaction with UAC prompts. Elevate session for full control.

Expert · Accepted Answer

Administrative Privileges and Elevation (UAC)

Table of Contents

Default Behavior with Installed AnyDesk
Default Behavior with AnyDesk Portable

The Windows User Account Control (UAC) prevents unauthorized users from making system changes without the administrator’s permission.

Access to certain administrative applications through AnyDesk is only allowed when AnyDesk is running with elevated rights.

These applications include: Task Manager, security/antivirus software, certain system settings, and more.

If the AnyDesk user connecting does not have permissions to view or interact with the UAC prompt, it is usually indicated with a black screen and a crossed-out arrow. However, the functionality will return to normal once the remote AnyDesk user accepts or declines the UAC prompts.

Note:

Elevating the AnyDesk session does not change the Windows session from standard user to administrator. Each UAC action will still require administrator credentials. To avoid UAC prompts with credential requests, log in to Windows as an administrator on the remote device.

Types of Accounts

Windows has two types of accounts: Administrator and Standard User.

Administrator Accounts	By default, they have full control. Users with this account type can change settings globally, install programs, and bypass User Account Control (UAC) prompts without credentials.
Standard User Accounts	By default, they have limited control. Users with this account type can run but not install applications. Users can change system settings, but only settings that won’t affect other accounts. Tasks that require elevations can only be confirmed by providing administrator credentials.

Default Behavior with Installed AnyDesk

When AnyDesk, and by extension, the AnyDesk Service, is installed on the remote device, it can interact with any software that requires administrative privileges as well as UAC elevation prompts.

Back to Top

Default Behavior with AnyDesk Portable

When AnyDesk is running in portable mode (uninstalled) on the remote device, AnyDesk by default will not be able to interact with certain administrative software and UAC prompts.

UAC_request_cmd

If a UAC prompt is displayed on the remote device, AnyDesk will leave the screen blank and inform the user.

Additionally, a crossed-out mouse cursor will be displayed, indicating that the connecting user does not have the ability to control remote input.

If the remote user does not wish to install AnyDesk, the following solutions can be used to view and interact with remote UAC prompts:

By clicking “Request Elevation” in the Actions menu, the remote user in front of the remote device will be prompted to accept the elevation.

If the user in front of the remote device does not have administrative credentials, the user requesting the elevation can send them through AnyDesk by selecting “Transmit Authentication Data”. The remote user can simply accept the request without seeing any of the credentials.

VirtualBoxVM_X78rPQcWxg

Accept Session with Elevated Rights

On the receiving end, the session can be accepted with elevated rights already enabled.

VirtualBoxVM_bao5gPJz7u

This can be done by pressing the larger “Accept” button with the UAC icon in front.

The remote user will then need to accept the UAC prompt to grant elevated rights to the connecting user.

Automatic Elevation Rights Request

UAC_custom_client-265x300

Alternatively, a custom client can be generated that will automatically request elevation rights when the portable AnyDesk client is started on my.AnyDesk.com.