none
Unable to use smart card to elevate privledges in Windows 10 1703 RRS feed

  • Question

  • I'm starting to test 1703 for my company and have come across an issue where I can't use my smart card to elevate a command. When I select "Run as Administrator", UAC allows me to enter smartcard PIN and Username hint but then shows a message that "The requested operation requires elevation" and then UAC comes back around asking for username and password.  In my company we use the Username hint to differentiate between user accounts and administrator accounts but the PIN is same for both accounts.  If I enter a username and password for the administrator account then the command is elevated properly.

    This is a change from 1607 where I didn't have this problem.  In GPO we are setting the Assign a default credential provider to Smartcard Credential Provider.  Is there anything else I could look at or are others seeing this issue as well?

    Friday, April 28, 2017 6:45 PM

All replies

  • Hi ,

    Windows 10 version 1703 is released recently and we have not been reported this issue. Does this issue only occur on Windows 10 version 1703 machines? If so, you could try the built-in Feedback hub to submit this issue on your side, report it to system product team.  

    Best regards

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 1, 2017 8:29 AM
    Moderator
  • I can verify that this is only in 1703.  Elevation using smart card worked fined in 1607.  Unfortunately it doesn't look like the Feedback Hub will work through the corporate firewall but I will be putting a call through to the MS Premier site soon to report this.  I was just hoping someone knew of a GPO setting that might be affecting this. 

    Of note we do have a GPO setting to set the default credential provider to smart card using Configuration>Administrative Templates>System>Logon and setting the value in Assign a default credential provider to {8FD7E19C-3BF7-489B-A72C-846AB3678C96} which is the smart card provider.  In 1607 when elevating a process it would default to the smart card provider but in 1703 it now defaults to username and password. 

    Monday, May 1, 2017 3:26 PM
  • I concurred with "greatestcommonfactor" I'm too having the exact issue, I used to be able to elevate with my networked admin account using my SmartCard, but not it does not work on 1703.  however I did found a work around, which on login, you will need to enter your PIN and the standard user name in the "username hint" field. once you are logged in, then you can elevate with your smart card and your domain admin credential.

    I believe this is a bug Microsoft needs to fix! Thanks.

    Thursday, May 25, 2017 4:25 PM
  • I concur with you all, I am on Windows 10 1709 and STILL having the issue.... Do we have any resolution on this????
    Wednesday, May 15, 2019 9:17 PM