01: Admin Approval demo

Want to help your users when there is no rule in place, and maybe no Internet? It’s easy. Use Admin Approval to help users install applications.

Hi. This is Jeremy Moskowitz, PolicyPak CTO. In this demonstration, I’m going to show you how you can use PolicyPak Least Privilege Manager with admin approval.

Here’s the lash-up. Imagine you have a user out in the field and they have no Internet access, and now they need to do something that requires admin rights, for instance, install something like “PowerPointViewer.” So they go ahead and run “PowerPointViewer” and now we get what’s called the “PolicyPak Admin Approval” “Request Code.” They’re going to read you this code over the phone, “rree” and so on. It’s very easy to do.

In this case, I’m just going to copy and paste it here into my “Admin Approval Tool.” I’ve already got this thing all set up and it’s ready to go. In another video, I’ll show you how to set it up. This demonstration is just to show you it working.

So I’m going to type in my “Request Code” here. You can see I learn a few things about the application. You can put in a “Reason” to help this person if you want to. This is logged on the endpoint. For instance, maybe this is an “Installation for User.” Now you can specify how many “Uses” this code will work: “One” time, “5 times,” “10 times” or “Unlimited.” I’ll do it once. And when it “Expires,” you can say “Never,” “10 minutes,” “An hour” or “12 hours.” Let’s say it “Expires” in “10 minutes.”

Now you’ve got this code to give them, “rukb” and so on. You are going to read this to them over the phone, and they are going to type it in here in their “Response Code.” Notice how you can also set up “Additional Info” for what they should do and how to get in touch with you in the first place.

Once they put the “Response Code” in, magic occurs. They can now run the application. If they don’t have the response code, it is not going to work. In fact, I can show you that in a second. So “PowerPoint Viewer” goes ahead and installs just fine. You’ve helped them. You say goodbye, and they’re off to the races.

Let’s go and do another example. Another example might be something like “Device Manager” where they need to upgrade a device driver. If they click on “Device Manager,” what do they get? They get a “Request Code.” Or if they want to try to bang on it themselves, what happens? It’s not going to be accepted because it is coded to a secret that you’ve already established. Again, that’s in another video.

So what are you going to do? You’re going to get the “Request Code” from the user here. We’re going to type it in here. Maybe this one we want to make “Unlimited.” This is Device Manager, and we want to make it run “Unlimited” and it “Expires” “Never.” At this point, you should tell your user to write down this response code because it can be used over and over again because it will never expire.

The first time they run it here, there we go. Now “Device Manager” runs and you can do things like “Update driver” and so on. What happens the next time it runs? Well, they’re going to get another “Request Code,” but the “Response Code” will be maintained because you said make it work forever. As long as they still have it, it still works.

Let’s go over one more example which might be an application that throws a UAC prompt like “Procmon.” When you run “Procmon” here, you’ll see it throws a UAC prompt. But it didn’t request admin rights right out of the gate. It’s kind of baked into Procmon underneath the hood. There are a couple of other applications that run the same way too.

In this case, what you can do is have your user right-click and “Run with PolicyPak.” When they do, they’ll be prompted with a “Request Code” which they can then give to you over the phone. You’ll then type it in. You can see that this application is “Signed” which is nice. You can give a “Reason” if that’s what you want to do. And then the “Uses” you can say, for instance, “Once” and “Expires” “Never,” so just a one-time code.

Then we’ll type that in here. Again, this is a one-time code. We’ll go ahead and click “OK,” and Procmon runs. What happens if they try this a second time? Remember, this is a one-time code so if they try to type it in a second time, same code, what’s going to happen? It “has already been used,” and that’s it.

That is how to use PolicyPak admin approval mode to help users out in the field get help to install things, applications, get into Device Manager, and so on – all the things you can do with Least Privilege Manager if there’s not already a rule set up.

To see how to get admin approval mode all set up, again, that’s another video. You can check that out. It’s pretty easy to get going.

If you’re ready to get started with PolicyPak Least Privilege Manager, we’re here to help. Go ahead and click on the Webinar/Download button in the upper right-hand corner of the website, and you can try it out for yourself.

Thanks very much, and talk to you soon.

  • 26-Jun-2019