Self-elevation without adding Administrator rights

Owned by Anonymous
Last updated: Feb 01, 2016 by Max Pinion (Deactivated)
1 min read

Introduced in 7.1 SP3

This feature was Introduced in version 7.1 SP3.

Using the default Self-Elevation, applications are launched with administrator rights after a justification is given. The following steps will allow a user to request elevation, but not add administrator rights to the application.

  • Right-click Justify Application Elevation Message (Policies > Arellia > Application Control > Actions > Messages > Advanced) and select Clone
  • Right-click the cloned message and select View as XML
  • Click Edit
  • Navigate to <terminateExitCode>100</terminateExitCode> and change the 100 to 0
  • Then select Import at the bottom of the XML Viewer
  • Next navigate to the User Requested Elevation Justification Policy
  • Change the Application Actions to the clone of the Justify Application Elevation Message and also leave the Add Administrator Rights
  • These requests will then be viewable in the Event summary and acknowledgement Viewer

Doing the above steps will allow Arellia Application Control to work correctly but will not continue adding administrative rights to a program after a justification is given because the terminateExitCode change from 100 to 0.