Troubleshooting Process Elevation
1. Ensure that the created rule has been saved and applied to a Group Policy Object (GPO) that has been linked to either an OU or the domain.
2. On the client machine, ensure that the Privilege Manager Client is installed by looking in the Add/Remove Programs / Programs and Features applet.
3. From the command prompt, run 'GPUpdate /force' to make sure that the Group Policy has been refreshed.
4. Run 'GPResult' (or 'GPResult /R'), and check that the GPO the rule belongs to has been applied to that machine.
5. Check in the registry for the rule. Rules are copied to the key HKEY_LOCAL_MACHINE\Software\ScriptLogic Corporation\Privilege Authority\CSE\CSEHost\Host. Under this key there is a subkey named with each user's SID (e.g. S-1-5-21-15…) and, beneath that, a subkey with a unique GUID for each rule. To match a SID to a user account, navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList and look at the data in the ProfileImagePath value, or use the script provided below.
Create a VBScript file (.vbs) containing the following and run it with cscript; it prints the SID of the account it is run as:
Set oShell = CreateObject("WScript.Shell")
' Look up the current user; the original script left User and UserDomain unset
User = oShell.ExpandEnvironmentStrings("%USERNAME%")
UserDomain = oShell.ExpandEnvironmentStrings("%USERDOMAIN%")
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set objAccount = objWMIService.Get("Win32_UserAccount.Name='" & User & "',Domain='" & UserDomain & "'")
DisplayString = UserDomain & "\" & User & " = " & objAccount.SID
WScript.Echo DisplayString
6. If the rule is present in the registry, then it is a good idea to enable logging.
To Enable Logging
Open Registry Editor and locate the registry key:
HKLM\Software\ScriptLogic Corporation\Privilege Authority for 32-bit systems,
HKLM\Software\WOW6432Node\ScriptLogic Corporation\Privilege Authority for 64-bit systems.
Change 'LogLevel' from the default value of 0 to 3 and restart the ScriptLogic Privilege Authority Host Service. The log files can be found in the folder specified in the 'InstallPath' value under this same key. The default log location is C:\ProgramData\Privilege Authority\Logs.
7. Run the application or target process that you created the rule for. Then go to the log file folder (by default C:\ProgramData\Privilege Authority\Logs) and open the CSEHostEngine.log file. Every process run by the user is listed there. To the right of each process you will see a "MATCH" or "NO MATCH" status indicating whether or not that process matched a Privilege Authority rule. Search the log for the process you are trying to elevate and check whether it shows a match.
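Steps 5 to 7 can be run in one pass with the following PowerShell script. It is an added example, not part of this article or of the Privilege Authority product; it assumes the registry paths exactly as stated above, that it runs elevated on the client, and that CSEHostEngine.log is plain text carrying MATCH or NO MATCH on each process line.

```powershell
# Added example (not vendor code): automates checks 5 to 7 of the troubleshooting procedure.
# Assumptions: run elevated on the client; key paths as stated in the article;
# CSEHostEngine.log is plain text with "MATCH" / "NO MATCH" on each process line.
param(
    [Parameter(Mandatory = $true)][string]$ProcessName   # e.g. 'myapp.exe' (constructed sample)
)

# Step 5: list each per-user SID key and the rule GUIDs beneath it, resolving SIDs via ProfileList.
$rules    = 'HKLM:\SOFTWARE\ScriptLogic Corporation\Privilege Authority\CSE\CSEHost\Host'
$profiles = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
if (-not (Test-Path $rules)) { throw "Rule key not found: $rules (client installed? GPO applied?)" }
foreach ($sidKey in Get-ChildItem $rules) {
    $sid   = $sidKey.PSChildName
    $prof  = Get-ItemProperty "$profiles\$sid" -ErrorAction SilentlyContinue
    $owner = if ($prof) { $prof.ProfileImagePath } else { 'no local profile for this SID' }
    $count = @(Get-ChildItem $sidKey.PSPath).Count
    "{0} ({1}): {2} rule(s)" -f $sid, $owner, $count
}

# Step 6: the client settings key differs between 32-bit and 64-bit systems; use whichever exists.
$cfgKey = @('HKLM:\SOFTWARE\WOW6432Node\ScriptLogic Corporation\Privilege Authority',
            'HKLM:\SOFTWARE\ScriptLogic Corporation\Privilege Authority') |
          Where-Object { Test-Path $_ } | Select-Object -First 1
$cfg = Get-ItemProperty $cfgKey
if ($cfg.LogLevel -ne 3) {
    Write-Warning "LogLevel is '$($cfg.LogLevel)'; set it to 3 and restart the Privilege Authority Host Service."
}

# Step 7: find the target process in CSEHostEngine.log. Test for 'NO MATCH' first, because a
# plain 'MATCH' test would also succeed on 'NO MATCH' lines and report a false positive.
$logDir = 'C:\ProgramData\Privilege Authority\Logs'
if ($cfg.InstallPath -and (Test-Path (Join-Path $cfg.InstallPath 'CSEHostEngine.log'))) { $logDir = $cfg.InstallPath }
$log = Join-Path $logDir 'CSEHostEngine.log'
if (-not (Test-Path $log)) { throw "Log not found at $log; enable logging and run the target process first." }
$hits = Select-String -Path $log -Pattern ([regex]::Escape($ProcessName))
if (-not $hits) { "No log line mentions $ProcessName; was it launched by the user after logging was enabled?" }
foreach ($h in $hits) {
    $status = if ($h.Line -match 'NO MATCH') { 'NO MATCH' } elseif ($h.Line -match '\bMATCH\b') { 'MATCH' } else { 'no match status on this line' }
    "line {0}: {1}" -f $h.LineNumber, $status
}
```

A SID listed under the Host key with no matching ProfileList entry usually means the user has never logged on to that machine, so a NO MATCH for them in the log is expected until they do.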