公开(公告)号：US12153689B2

公开(公告)日：2024-11-26

申请号：US17546160

申请日：2021-12-09

Applicant: VMware, Inc.

Inventor： Chris Halstead ,  Kevin B. Sheehan ,  Jared Cook ,  Joshua Spencer

IPC: G06F21/60 ,  G06F9/455 ,  G06F21/31

Abstract: Examples of enrollment of virtual devices for unprivileged users are described. In some examples, a virtual device includes an enrollment agent, encrypted enrollment credentials, and a user mode privilege elevation component that elevates privilege of the enrollment agent. A privilege elevated token is created to include an administrative privilege of a local security authority service, and a security context of an unprivileged user account logged in to the virtual device. The enrollment agent is launched using the privilege elevated token rather than a user token of a user that is logged in. The enrollment agent decrypts the encrypted enrollment credentials based on administrative privilege of the privilege elevated token, and enrolls the virtual device with a management service using decrypted enrollment credentials.

公开(公告)号：US20230185929A1

公开(公告)日：2023-06-15

申请号：US17546160

申请日：2021-12-09

Applicant: VMware, Inc.

Inventor： Chris Halstead ,  Kevin B. Sheehan ,  Jared Cook ,  Joshua Spencer

IPC: G06F21/60 ,  G06F21/31 ,  G06F9/455

CPC classification number: G06F21/604 ,  G06F21/31 ,  G06F9/45558 ,  G06F2009/45595 ,  G06F2009/45587

Abstract: Examples of enrollment of virtual devices for unprivileged users are described. In some examples, a virtual device includes an enrollment agent, encrypted enrollment credentials, and a user mode privilege elevation component that elevates privilege of the enrollment agent. A privilege elevated token is created to include an administrative privilege of a local security authority service, and a security context of an unprivileged user account logged in to the virtual device. The enrollment agent is launched using the privilege elevated token rather than a user token of a user that is logged in. The enrollment agent decrypts the encrypted enrollment credentials based on administrative privilege of the privilege elevated token, and enrolls the virtual device with a management service using decrypted enrollment credentials.