Using the default Self-Elevation, applications are launched with administrator rights after a justification is givenself-elevation users can give justification and launch applications with administrator rights (for details, go to Self-elevation). The following steps will allow a user users to request elevation, but but not to add administrator rights to the application.
...
.
- In the Thycotic Security Manager, click Policies.
- In the file library in the left pane click Policies > Thycotic Solutions > Application Control > Actions > Messages > Advanced
...
- .
- Right-click Justify Application Elevation Action and click Clone.
- Enter a name for the new elevation action.
- Right-click the cloned message and
...
- click View as XML
...
- .
- In the XML view dialog box, click Edit.
Scroll down to <terminateExitCode>100</terminateExitCode>
...
and change the "100" to "0
...
."
- Click the Import button.
- In the Confirm Import dialog box, click Yes.
- Close the XML view dialog box.
- In the file library in the left pane, navigate to Policies > Thycotic Solutions > Application Control > Policies > Privilege Management > User Requested Elevation Justification Policy.
...
- In the right pane, click the Application Actions
...
- tab.
- Click the link next to Application Action.
- In the Select Items dialog box, move the copy of the Justify Application Elevation Message to Selected Items (and also leave
...
- the Add Administrator Rights
...
- ).
- Click OK.
- Click the Save button in the right pane under User Requested Elevation Justification Policy.
These requests will then be viewable in
...
the Event
...
...
acknowledgement Viewer.
Doing the above steps will allow Arellia Thycotic Application Control to work correctly but will will not continue continue adding administrative rights to a program after a justification is given because the terminateExitCode change from 100 to you changed the terminateExitCode change from 100 to 0.