In this blog, I will examine a funny 0x8007010B error that Endpoint Privilege Management (EPM) could give you when you try to elevate the CMD using a shortcut.
1. Introduction
Endpoint Privilege Management (EPM) is an excellent tool for keeping Windows devices secure by reducing the need for local admin accounts. It allows users to do their work without needing full admin rights, which helps protect the system from security risks.
With EPM, IT administrators can manage user permissions more effectively, ensuring that applications get the access they need without compromising security.
However, sometimes, EPM can encounter issues. One common problem is error code 0x8007010B, which occurs when trying to elevate applications with Endpoint Privilege Management. This error can be frustrating and disrupt normal operations, but it can be fixed with a simple solution.
In this blog post, we’ll explain this error, examine its causes using code examples, and provide a step-by-step guide to fixing it.
2. The Issue
When attempting to run an application with elevated privileges through Endpoint Privilege Management (EPM), you might encounter the following error message:
The error message reads:
Something went wrong
There was an error with running this app as administrator. Contact your support person. Error code: 0x8007010B (-2147024629)
This error code corresponds to ERROR_INVALID_NAME, suggesting an issue with the syntax of the directory name or file path.
3. Troubleshooting
Upon investigating the error, I analyzed the EPM log files and a snippet of disassembled code responsible for creating processes with elevated privileges.
Let’s start by looking at the EPM event logs.
The two log entries above show what happens just before it all breaks apart. Right before the error 0x8007010B occurs, EPM logs the working directory it got from inspecting the shortcut.
I guess I am getting warm, as it feels like something is wrong with the shortcut. After looking at the event logs, I also wanted to look at the disassembled epminterop.dll code.
This code snippet highlights the process creation logic using the CreateProcessAsUserW function. This function accepts parameters such as the application name, command line, and working directory (lpCurrentDirectory).
The error we got seems to occur if the lpCurrentDirectory is invalid or incorrectly specified.
Additionally, I reviewed the properties of the Command Prompt shortcut that caused the error.
The “Start in” field was set to %HOMEDRIVE%%HOMEPATH%, which might not resolve correctly if the environment variables are not adequately defined.
4. How to Fix It
It seems that Microsoft is already aware of this issue and will fix it in the 2407 release. If you can’t wait for the official fix, fixing the 0x8007010B error is easy: you only need to update the shortcut. Easy does it!
- Modify the “Start in” field of the Command Prompt shortcut to a valid directory path. Or, even better, remove everything mentioned in the “Start in” field!
After changing the shortcut, we can now elevate the command prompt again. With the elevated command prompt, I wondered what the virtual account would tell me when querying the home drive and homepath.
As shown above, asking for the virtual account’s true homepath and homedrive gave me nothing. Those variables seem to be invalid, which could explain why we got that error.
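To find other shortcuts that would fail the same way, here is an added PowerShell example (not code from EPM or from Microsoft) that lists Start Menu shortcuts whose “Start in” field references HOMEDRIVE or HOMEPATH, the two variables that came back empty for the virtual account. The function name Find-RiskyStartIn and the scanned folders are assumptions; adjust them to your environment.

```powershell
# Added example: audit .lnk files for a "Start in" value that depends on
# environment variables the EPM virtual account does not have.
# The function name and default folders are assumptions, not part of EPM.
function Find-RiskyStartIn {
    param(
        [string[]]$Path = @(
            (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs'),
            (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs')
        ),
        # Variables that were empty inside the elevated session.
        [string[]]$MissingVariable = @('HOMEDRIVE', 'HOMEPATH')
    )

    $shell = New-Object -ComObject WScript.Shell

    Get-ChildItem -Path $Path -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk     = $_
            # WorkingDirectory is the shortcut's "Start in" field.
            $startIn = $shell.CreateShortcut($lnk.FullName).WorkingDirectory

            # An empty "Start in" is the safe case recommended in the fix.
            if ([string]::IsNullOrWhiteSpace($startIn)) { return }

            # Collect every %NAME% reference used in the field.
            $used = [regex]::Matches($startIn, '%([^%]+)%') |
                ForEach-Object { $_.Groups[1].Value.ToUpperInvariant() }

            # Keep only the references that will not resolve when elevated.
            $bad = @($used | Where-Object { $MissingVariable -contains $_ })
            if ($bad.Count -eq 0) { return }

            [pscustomobject]@{
                Shortcut        = $lnk.FullName
                StartIn         = $startIn
                UnresolvedInEpm = ($bad -join ', ')
            }
        }
}

Find-RiskyStartIn | Format-Table -AutoSize -Wrap
```

The check matches on the variable names rather than expanding them, because in a normal user session HOMEDRIVE and HOMEPATH do resolve and the shortcut would look healthy.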
5. Conclusion
If you don’t want to wait until the 2407 release, you can resolve the Endpoint Privilege Management error 0x8007010B related to invalid directory paths by following the steps outlined above. Ensuring that environment variables are resolved correctly and specifying a valid working directory is crucial to successfully running applications with elevated privileges.