Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

User self-elevation occurs when mobile, remote, or power users need to run software that is usually run by only users with administrator-level permission. Risks can occur when users are allowed to self-elevate, so you should weigh carefully the decision whether to allow self-elevation. Application Control Solution includes a default policy that grants end users elevated rights on applications, and you can also modify the policy to gather feedback from end users.

Enable

...

self-

...

elevation

To enable self-elevation, do the following steps:

  1. From the Arellia Thycotic Security Manager Console, click the Policies tab.
  2. In the file library in the left pane, navigate to Application Control > Policies > Privilege Management.
  3. Click User Requested Run As Administrator Policy.
  4. In the right pane, click the red Off button to enable the policy. 

For further details about enabling self-elevation, go to to Application Control Agent Configurationagent configuration.

Testing

Test the self-elevation policy that users will see by doing the following steps:

  1. From a computer that has the ACS Agent installed, update the client.
  2. Right-click an application on the Desktop and click Request run as administrator.
    Image Removed
  3. Enter a justification for needing to run the application with elevated rights.
    Image Removed
  4. You can then acknowledge justification events and assign them to policies. For details, go to Event Summary.