1E Verified
Copyright © 1E 2022 All Rights Reserved
Local Admin
Downloads
323
Endorsements
21
Components
3
Added
4 years ago
Last Updated
1 year ago
Compatibility
Client Supported - 8.1, 9.0
OS Supported - Microsoft Windows 11, 10
OS Supported - Microsoft Windows 11, 10
Description
Remotely manage end-user access to local admin rights so they can perform tasks such as: installing a printer on their device - saving time and effort spent managing their device directly. This pack also includes a policy that will automatically remove those local admin rights after a certain time - reducing security concerns.
Key Features
• A user wants to perform a task, for example to install software on their device, but the company security policy prevents this. The IT administrator knows that to allow them to do this requires local admin rights.
• Using the instructions from this pack, they grant that user temporary local admin rights via Tachyon Explorer and rely on the Guaranteed State policy to ensure that those local admin rights are removed after a specified amount of time, as configured by the Policy administrator.
Setup
• This Product Pack contains both Rules and instructions.
• Upload this Product pack with the help of Tachyon Product Pack Deployment Tool.
• A Guaranteed State Policy named Timed Admin access status will be created.
• A Guaranteed State Rule will be created in this policy.
• An Instruction Set named Local Admin Access containing all the instructions will be created.
Usage
1. Review the rule Check Timed Admin access status.
2. Adjust the Trigger IntervalMinutes to run it on a periodic basis.
3. The Check is performed to determine if Check if elevation time has expired. If it has expired then return the users to non-admin state.
4. Enable this rule.
5. Assign the Timed Admin access status Policy to a management group.
6. Deploy the Timed Admin access status Policy.
7. Within a period of a day or two you would start seeing the compliance for Timed Admin access status.
8. We can also manually run instructions from Explorer to perform additional tasks.
Components
1E-Explorer-ServiceNow-ForceDeelevateLocalAdmin
INSTRUCTION
Description
Force de-elevate user to non-admin state.
Readable Payload
Force de-elevate user to non-admin state.
1E-Explorer-ServiceNow-ElevateUserAsLocalAdminTimed
INSTRUCTION
Description
Add user to the local administrator group
Readable Payload
Add user %UserName% to the local administrator group for %MinutesToElevate% minutes