Thursday, January 4, 2024

QuickBooks Desktop 2024 - Fix Elevated Credentials Prompt for Standard Windows Users



When a standard Windows user attempts to open the QuickBooks application, they are prompted with a QuickBooks generated error that states, "Administrator Permissions Needed" - "This action requires Windows administrator permissions". There's a UAC icon on the continue button. If you press "continue", the following appears:

If you press "No" here, QuickBooks opens, however when you try to open the .QBW (QuickBooks WorkBook) file, it prompts for elevated credentials again and the process repeats.


The reason for this is because the "QuickBooks Company File Monitoring Service" is not running. The actual service name is "QBCFMonitorService".

I suspect this has to do with Multi-User Mode because it only occurs on computers that are running this mode of QuickBooks. It's only on the second computer. So the first computer opens QuickBooks and loads the QBW file. The second computer attempts to launch QuickBooks and it fails with the error above.


The easy way to ensure this runs on the machine as directed is to create a Task in Windows that calls in a PowerShell script which checks to see if the service is running or not. It will restart the service if it's not running and write the event to a log file. If the service is already running, it will note this event in the log file as well and not attempt to restart the service.

If using an RMM you'll need someway to "Set-ExecutionPolicy" to "bypass" before the script runs or else it will fail. Putting "Sec-ExecutionPolicy" to "bypass" in the script will fail to set this option temporarily ultimately causing the script to fail.

PowerShell Script:

Save the PowerShell script below in the admin's Documents folder as: "C:\Users\Pat\Documents\scripts\QBCFMonitorService\QBCFMonitorService.ps1"

Replace XXXXXX with the account name.

*01.04.24 - Updated script to report time in 12 hour with AM/PM vs 24 hours. Changed "HH:mm:ss" to "hh:mm:ss tt" and added the "tt" to denote AM or PM. The lowercase "hh" denotes 12 hour and the uppercase "HH" denotes 24 hour.

# Set the service name
$serviceName = "QBCFMonitorService"
$logFilePath = "C:\Users\XXXXXX\Documents\Powershell Scripts\QBCFMonitorService\QBCFMonitorService.log"

# Check if the service is stopped
$serviceStatus = Get-Service -Name $serviceName

if ($serviceStatus.Status -eq 'Stopped') {
    # Restart the service
    Restart-Service -Name $serviceName
    $logMessage = "$(Get-Date -Format 'yyyy-MM-dd hh:mm:ss tt') - Service $serviceName restarted."
    Write-Host $logMessage
    Add-Content -Path $logFilePath -Value $logMessage
} else {
    $logMessage = "$(Get-Date -Format 'yyyy-MM-dd hh:mm:ss tt') - Service $serviceName is already running."
    Write-Host $logMessage
    Add-Content -Path $logFilePath -Value $logMessage

Task Scheduler:

(Create a new folder in Task Scheduler for stuff like this to differentiate from standard tasks.)

Create a "New Task" in Task Scheduler with the following settings marked in yellow:

General Tab:

  • Watchdog for QBCFMonitorService

  • Runs periodically. If QBCFMonitorService is not running it will restart it. This allows the user to open QB without needing elevated Windows credentials.


Action Tab:

  • Start a program
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add arguments (optional):
  • -ExecutionPolicy Bypass -File "C:\Users\Pat\Documents\scripts\QBCFMonitorService\QBCFMonitorService.ps1"



Test Task:

Stop the service manually then run the task, it should restart the service and add a line to the log file.


Seems I'm not the only one with this issue:


No comments: