Self-elevation

Owned by Anonymous
Last updated: Feb 02, 2016 by Max Pinion (Deactivated)
1 min read

User self-elevation occurs when mobile, remote, or power users need to run software that is usually run by Administrators only. Risks can occur when users are allowed to self-elevate and the option to allow self-elevation should be weighed carefully. The default policy will give the end-user elevated rights on the application, although the policy can be modified to gather feedback.

To enable self-elevation

  1. From the Arellia Security Manager Console, go to the Policies tab.
  2. Navigate to Application Control / Policies / Privilege Management.
  3. Select the User Requested Run As Administrator Policy and select Enable.
  4. Enable Self-Elevation in the Application Control agent configuration.

Testing:

  • From a computer with the ACS Agent installed, Update the Client.
  • Right-click an application and select Request run as administrator.

  • The user will then be required to enter a justification for needing to run the application elevated.

  • Justification events can then be acknowledged and assigned to policies in Event Summary.