Self-elevation
User self-elevation occurs when mobile, remote, or power users need to run software that is usually run by Administrators only. Risks can occur when users are allowed to self-elevate and the option to allow self-elevation should be weighed carefully. The default policy will give the end-user elevated rights on the application, although the policy can be modified to gather feedback.
To enable self-elevation
- From the Arellia Security Manager Console, go to the Policies tab.
- Navigate to Application Control / Policies / Privilege Management.
- Select the User Requested Run As Administrator Policy and select Enable.
- Enable Self-Elevation in the Application Control agent configuration.
Testing:
- From a computer with the ACS Agent installed, Update the Client.
- Right-click an application and select Request run as administrator.
- The user will then be required to enter a justification for needing to run the application elevated.
- Justification events can then be acknowledged and assigned to policies in Event Summary.