EPM Error 0x8007010B: The Debugging Game

Last Updated on July 5, 2024 by rudyooms

In this blog, I will examine a funny 0x8007010B error that Endpoint Privilege Management (EPM) could give you when you try to elevate the CMD using a shortcut.

I will divide this blog into multiple parts:

  1. Introduction
  2. The Issue
  3. Troubleshooting
  4. How to Fix It

1. Introduction

Endpoint Privilege Management (EPM) is an excellent tool for keeping Windows devices secure by reducing the need for local admin accounts. It allows users to do their work without needing full admin rights, which helps protect the system from security risks.

With EPM, IT administrators can manage user permissions more effectively, ensuring that applications get the access they need without compromising security.

However, sometimes, EPM can encounter issues. One common problem is error code 0x8007010B, which occurs when trying to elevate applications with Endpoint Privilege Management. This error can be frustrating and disrupt normal operations, but it can be fixed with a simple solution.

In this blog post, we’ll explain this error, examine its causes using code examples, and provide a step-by-step guide to fixing it.

2. The Issue

When attempting to run an application with elevated privileges through Endpoint Privilege Management (EPM), you might encounter the following error message:

EPM gives a 0x8007010B error when trying to elevate CMD

The error message above reads:

Something went wrong

There was an error with running this app as administrator. Contact your support person. Error code: 0x8007010B (-2147024629)

This error code corresponds to ERROR_INVALID_NAME, suggesting an issue with the syntax of the directory name or file path.

3. Troubleshooting

Upon investigating the error, I analyzed the EPM log files and a snippet of disassembled code responsible for creating processes with elevated privileges.

Let’s start by looking at the EPM event logs.

The two errors above show what happens just before it all breaks apart. Right before error 0x8007010B occurs, the log mentions the working directory it got from inspecting the shortcut.

I guess I am getting warm, as it feels like something is wrong with the shortcut. After looking at the event logs, I also wanted to look at the disassembled epminterop.dll code.

The disassembled epminterop.dll

This code snippet highlights the process creation logic using the CreateProcessAsUserW function. This function accepts parameters such as the application name, command line, and working directory (lpCurrentDirectory).

The error we got seems to occur if the lpCurrentDirectory is invalid or incorrectly specified.

Additionally, I reviewed the properties of the Command Prompt shortcut that was causing the error.


The “Start in” field was set to %HOMEDRIVE%%HOMEPATH%, which might not resolve correctly if the environment variables are not adequately defined.

4. How to Fix It

It seems that Microsoft is already aware of this issue and will fix it in the 2407 release. If you can’t wait for the official fix, fixing the 0x8007010B error is easy: you only need to update the shortcut. Easy does it!

  • Modify the “Start in” field of the Command Prompt shortcut to a valid directory path. Or, even better, remove everything mentioned in the “Start in” parameter!

After changing the shortcut, we can now elevate the command prompt again. With the elevated command prompt, I wondered what the virtual account would tell me when querying the home drive and homepath.


As shown above, asking for the virtual account’s true homepath and homedrive gave me nothing. Those variables seem to be invalid, which could explain why we got that error.
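
An added example (not from the original post or from Microsoft): a PowerShell audit that finds shortcuts whose “Start in” field references the variables that came back empty for the virtual account, plus a helper that applies the fix of clearing the field. The folder list, the variable list and the function names are assumptions chosen for illustration.

```powershell
# Added example: find shortcuts whose "Start in" field depends on variables
# that came back empty for the EPM virtual account (HOMEDRIVE, HOMEPATH).
# Assumption: the variable list and the folders scanned are illustrative.
$UnresolvedForVirtualAccount = @('HOMEDRIVE', 'HOMEPATH')
$Folders = @(
    [Environment]::GetFolderPath('Programs'),        # user Start Menu\Programs
    [Environment]::GetFolderPath('CommonPrograms'),  # all-users Start Menu\Programs
    [Environment]::GetFolderPath('Desktop')
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell

function Get-StartInVariable {
    # Names of the %VAR% tokens in a "Start in" string.
    param([string]$StartIn)
    [regex]::Matches($StartIn, '%([^%]+)%') | ForEach-Object { $_.Groups[1].Value }
}

function Find-RiskyShortcut {
    foreach ($folder in $Folders) {
        Get-ChildItem -Path $folder -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk     = $_
                $startIn = $shell.CreateShortcut($lnk.FullName).WorkingDirectory
                if ([string]::IsNullOrWhiteSpace($startIn)) { return }  # empty is fine
                $risky = @(Get-StartInVariable $startIn |
                    Where-Object { $UnresolvedForVirtualAccount -contains $_ })
                if ($risky.Count -gt 0) {
                    [pscustomobject]@{
                        Shortcut  = $lnk.FullName
                        StartIn   = $startIn
                        Variables = $risky -join ', '
                    }
                }
            }
    }
}

function Clear-StartIn {
    # The fix from this post: empty the "Start in" field and save the shortcut.
    param([Parameter(Mandatory)][string]$Path)
    $sc = $shell.CreateShortcut($Path)
    $sc.WorkingDirectory = ''
    $sc.Save()
}

Find-RiskyShortcut | Format-List
```

Review the output first, then call Clear-StartIn with the path of each shortcut you want to change. Shortcuts under the all-users Start Menu need an elevated session to save.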

Conclusion

If you don’t want to wait until the 2407 release, you can resolve the Endpoint Privilege Management error 0x8007010B related to invalid directory paths by following the steps outlined above. Ensuring that environment variables are resolved correctly and specifying a valid working directory is crucial to successfully running applications with elevated privileges.
