Admin privileges locks Wayk Now

Hi Martin

The availability of "secure desktops" (e.g. a UAC / credentials prompt) is determined by how Wayk Now is deployed on the remote system.

The standalone WaykNow.exe runs as the logged in user (possibly "elevated" if launched as such, e.g. right-click and "run as administrator) and never has enough privileges to capture secure desktops.

The Wayk Now service (which should be used if Wayk Now was installed via the .msi) runs as SYSTEM, and does have enough privilege to capture secure desktops.

So, assuming that Wayk Now was installed with the .msi, you should be able to fully interact with the system regardless of the authentication mechanism used.

Let me know if that helps, or if you have further questions or feedback

Thanks and kind regards,

Yes, that makes sense. This started occurring after the office closed and we switched to telecommute due to COVID19. At that point, all the users has been instructed to install Wayk Now. Likely not as a service on their end.

Thanks for that explanation.

Hi Martin

I understand the confusion, a couple of things we're doing to try and alleviate this:

• We've made the x64 .msi the *default* download on wayk.devolutions.net (previously the standalone .exe was the "headline" download)
• We're working on a facility to remotely elevate and install the service from inside a session. That would allow you to "upgrade" a remote user from within the session. I don't have a timeline for those improvements, however.

Thanks and kind regards,

Looking forward to that!

couldn't maybe wayk itself run itself as system instead of having to install something? other remote access solutions I saw can also run as system on their portable exe file by elevating itself after being given admin rights (or do those also install a service but without really telling the user?)

Hi,

We are aware that some products manage to self-elevate themselves as SYSTEM on Windows without installation. However, our focus would be to find ways to install Wayk Now when it was started without elevated rights, rather than self-elevate and make it work almost the same way as if it were installed, without installing it. There are a lot of potential issues and limitations in trying to make the full feature set to work without a real installation, so we're keeping this clean cut between the installed version and the standalone executable.

Best regards,

well obviously one cannot have the full feature set (like unattended access and stuff) but if wayk could basically ask nicely whether you want to give it admin rights , if yes spawning a UAC and elevate yourself to at least push the UAC through as that makes support easier and I also think that users who do not want anything installed which runs unattended would give them peace of mind too, because if a service which specifically states it's used for unattended service is installed I would be VERY cautious (does not really get better considering it runs based on windows account password and the average person's windows accout password is either not existent or pretty weak)

kinda sad imo that things like these wont be in the executable, as that would make it a lot easier than explaining people how to launch wayk as admin or have them click yes all the time for UAC prompts, or if completely unelevated have them navigate or exit admin windows (speaking from experience)

Hi,

I am not saying there is no use case for it, but for now our focus on that front would be to allow technicians to remotely elevate permissions to allow an installation of Wayk Now without having to tell the user to manually type in administrative credentials. This is a different use case for which we've had a lot of demand so far, one for which the the technician knows the admin credentials of the remote system, but the local user doesn't.

Elevated usage without installation (self-elevation as SYSTEM) still requires at least local admin rights on the computer. This being said, we'll consider the feedback, but I am telling you that this is the type of usage we are trying to move away from. If you can install Wayk Now, then you should install it, the standalone executable should be reserved for one-time use cases or as a starting point to connect to a system that doesn't have it installed already.

Best regards,

oh I see, for that use case I can definitely also see a point.

that the latter means local admin needed is kinda obvious, which is why I said ask then spawn UAC, the point is basically to have it easy to support literally random people (who sometimes have a really hard time doing anything on PC to be honest)

and a company who wants to rigidly install something with background access is something I would think random people who at least have basic knowledge of stuff woudlnt really do.

Hi, I agree with my1

Having the UAC option in the exe should (in my humble opinion) be a priority.
Doing a quick "emergency" session with an elderly relative one wants to use the exe file and one needs to have the workings as simple as possible for the end user receiving the help. Those kind of users will not be wanting (or able) to understand all of the tick boxes and such of the full msi installer. The helper, if wayk was a one off use case, also then has to go about instructing the user how to uninstall the msi afterwards to make sure that not remote access software is running on their machines at the end of the whole exercise. This is because these sort of folk don't want processes running in the background that "can allow" remote access due to increasing risk of remote access fraud etc.

Remember - we are talking about complete novices on the receiving end of the remote support session here. It is sometimes a struggle just to get them to the website to download a file and then (if it were available) clicking "yes" on the UAC prompt to give full admin rights (or at least enough to do things like navigate device manager etc.) let alone anything else.

Please, please reconsider this one :-) I also use AeroAdmin and also anydesk.exe to help a few friends and relatives out and I was going to switch over to Wayk but cannot until this issue is resolved :-)

Thanks
Paul