So I have been testing User Elevation Protection on a Windows desktop for Duo Auth for Windows Logon. It works well on several desktops I have, but testing “Protect User Elevation while offline” I run into a problem. When I start the computer unplugged (and offline) and log in with a user account, then try a task that requires a user elevation to admin, I still get prompted to select a Duo authentication method (such as the Duo Prompt). When offline I should not get prompted to authenticate when performing a UAC elevation, correct?
My settings in regedit on the desktop are:
Autopush set to 0
ElevationOfflineEnable (ElevationOfflineLogon) set to 0
ElevationOfflineEnrollment set to 0
ElevationProtectionMode set to 2
EnableSmartCards 0 (don’t have smart cards)
FailOpen set to 1
OfflineAvailable 1 (Allows Offline Authentication)
RdpOnly 1 (Protect RDP logons only)
Or am I not understanding this correctly?