AutoElevate is a unique privilege access management (PAM) solution that solves many of the problems that stem from removing local admin rights – without frustrating your users or creating more work for your tech support team. How does it work?
Selective Privilege Elevation – Anywhere, Anytime
AutoElevate transparently and automatically handles Windows User Account Control (UAC) requests for elevated privileges. Users don’t need to be local administrators or have secondary admin accounts, and your technicians don’t need to make a deskside visit – or even remote in — to enter admin credentials. It works for any function or feature that triggers a UAC prompt, including installed programs or specific program features, EXE or MSI installers, and Windows functions that trigger UAC prompts, such as changing Control Panel settings.
Any UAC prompt will send a notification to technicians’ smartphones or desktops, letting them approve or deny a request immediately. If a technician isn’t available, or the request needs a bit more investigation, a ticket can be created automatically so that nothing falls through the cracks.
Technicians are provided with detailed information for each request, including the software publisher, certificate status, file path, and VirusTotal results. This allows them to quickly approve known-good requests while avoiding malicious ones. Technicians can select whether to elevate using the user’s own credentials, or an “over-the-shoulder” admin account. The authentication takes place locally; admin credentials aren’t stored or transmitted over the network, ever – keeping your information protected.
Powerful Automation Saves Time
In addition to manual approval, rules can be configured to automatically approve elevation requests for known software. Rules can be added in real time based on software vendor, publisher certificates, MD5 hashes, or a combination of criteria. Rules can be scoped to a single machine, a group of computers, or your entire organization to ensure that business-critical software works every time without waiting for approval.
Or, requests can be automatically denied using the same rules and scoping. This protects your systems from unwanted or insecure software without bothering your technicians each time.
Get a Birds-Eye View with Auditing and Reporting
AutoElevate logs information about every UAC elevation request that’s made on your network. Use Audit Mode prior to implementing least privilege to see who has admin rights and which software is requesting elevation. Then, use AutoElevate to ensure that UAC is enabled across your network and that no unnecessary local admin accounts are in use. AutoElevate can even remediate computers automatically by removing user accounts from the local administrators group and turning UAC on.
Any suspicious elevation requests can be investigated using detailed logs. Find out what elevation attempts were made by whom and when.
More Control means More Security
Removing admin rights and monitoring requests for elevated privileges protects your systems, data, and users from many serious security threats, including:
- Ransomware, spyware, and malware: Many malware strains require tricking the user into running untrusted software, entering admin credentials, or approving a UAC request. AutoElevate gives your team the power to review all requests for elevation alongside detailed security information, preventing infections before they happen.
- Unwanted or illegal software: AutoElevate can keep your users focused on work by preventing the installation of non-work-related programs such as games and media applications. And you’ll find out if anyone tries to install pirated software – before it turns into a security risk or legal liability.
- Shadow IT: Unapproved or insecure cloud collaboration apps present a major risk of data loss, whether accidental or intentional. Find out about the use of these apps before they develop into a problem for your organization.