User self-elevation occurs when mobile, remote, or power users need to run software that is usually run by only users with administrator-level permission. Risks can occur when users are allowed to self-elevate, so you should weigh carefully the decision whether to allow self-elevation. Application Control Solution includes a default policy that grants end users elevated rights on applications, and you can also modify the policy to gather feedback from end users.
Enable self-elevation
To enable self-elevation, do the following steps:
- From the Thycotic Security Manager, click the Policies tab.
- In the file library in the left pane, navigate to Application Control > Policies > Privilege Management.
- Click User Requested Run As Administrator Policy.
- In the right pane, click the red Off button to enable the policy.
For further details about enabling self-elevation, go to Application Control agent configuration.
Testing
Test the self-elevation policy that users will see by doing the following steps:
- From a computer that has the ACS Agent installed, update the client.
- Right-click an application on the Desktop and click Request run as administrator.
- Enter a justification for needing to run the application with elevated rights.
- You can then acknowledge justification events and assign them to policies. For details, go to Event Summary.