On 4/11/2011 4:51 AM, Erik Dalén wrote: > Would it be possible to do the import but with an UAC prompt?
Doing so would bypass what little security benefit UAC mode provides. The reason the TGT is not exported from the LSA when UAC is active is that with the TGT a process can be locally created with full admin privileges without prompting the user. While I could implement such a thing, I won't. If you want to bypass the restrictions of UAC, turn it off. Otherwise, do what is actually secure and use separate accounts for day to day activities and administrative purposes. Jeffrey Altman
signature.asc
Description: OpenPGP digital signature
