262-299-4600 • Email us

If you're not managing privileged access in your enterprise, you have a problem. We have the solution.



By Sophie Dodson


With a background in computer science and graphic design, Sophie is a passionate writer and communicator of all things technical. Hailing from New Zealand, she provides documentation and research, commentary, and analysis on current cybersecurity topics at Fasttrack Software.


The Problem with Privileged Access

The Problem

Whether you’ve got 25 endpoints or 25,000 in your organization, every local administrator account presents a weak spot. With admin access comes a significant degree of power; users can do just about anything on the endpoint – things which can affect other users and the wider network. This is often necessary for trusted users such as IT admins or developers, but if privileged access is obtained by a bad actor… you’ve got problems. Lateral movement, privilege escalation, undetected presence, exfiltration of data, and installation / execution of malicious software become very real possibilities once a hacker has administrative access.

The solution is to prevent hackers from gaining privileged access, and a sure-fire way to do that is to lockdown your local admin accounts so that only trusted users have admin access.

It sounds simple, but removing local admin rights is a tricky minefield to navigate. Revoking your users’ admin rights is essentially taking away a tool that they had before, and probably used on a daily basis. Doing so will likely be met with great offence, outrage, and some strongly worded emails. Then there’s the effect on user productivity and resources. Standard users are unable to perform even simple installations of trusted software, and it will fall on Help Desk personnel to attend to every frivolous beck and call.

Finding a balance between security and user productivity when it comes to locking down local admin rights requires a special tool – and that’s where we come in.


The Solution

Admin By Request is a Privileged Access Management (PAM) solution based on the Principle of Least Privilege; the idea that all users should operate as standard user, only gaining elevated privileges on an as-needed, Just-In-Time basis, rather than having admin access by default.


How It Works

The solution is installed on endpoints and managed via the online User Portal. From here, privileges can be granted to specific users or groups, and revoked from others. All settings can be tailored to meet your organization’s specific needs, be that a focus on security (i.e., tighter restrictions) or a focus on productivity (more lenient settings). Whatever your focus, the primary function of Admin By Request is to revoke local admin rights, while still allowing users to gain privileged access as required using the self-service application on their device.

The way this is done is with the Requests feature. Users can Request to either run a single application as admin, or have a temporary administrator session, during which time they can undertake several administrative tasks. These Requests are sent to the User Portal along with details of the Request (i.e., what and why) to be approved or denied.

When users are granted their requested access, the Auditlog page in the User Portal records all privileged activity undertaken during the session, such as software installations and applications run.

Other pages within the User Portal include the Inventory, which collects information about all of your devices such as location, installed applications, and operating systems, and the Reports page, which can be used to generate and categorize key pieces of data.

Other key features include:
  • Machine Learning – Instead of Pre-Approving a huge number of applications ahead of time, let this feature build the list for you - as the applications are being used.
  • AI Approvals – Allow our Artificial Intelligence engine to decide which applications are safe to be auto-approved for you.
  • Device Owner – Set the predominant user of a device as the ‘owner’ and lock it down to that user if desired.
  • Break Glass Account (LAPS replacement) – Create a new, temporary, one-time-use Administrator account on an endpoint, which Audits all elevated activity and terminates within a pre-defined amount of time or on log out.
  • Events and Alerting – Set up Alerts to trigger for certain Events, such as suspicious activity or administrator logins.
  • Clean Up Local Admins – View and manage all local admin accounts from a single place, with the ability to remove / restore individual local admins or entire groups in one click.
  • Malware Scanning – Scan and detect suspicious files using the 35+ anti-malware engines comprising OPSAWAT’s MetaDefender Cloud API.

You can integrate Admin By Request with a range of existing workflow and security software tools, such as ServiceNow, Slack, Microsoft Sentinel, and Power BI. We also integrate with the SCIM protocol to allow provisioning of users from your existing IdP (i.e., Azure AD or Okta). Admin By Request offers all core features in versions for Windows, macOS, and Linux OSs.

Interested in Admin By Request?

Feel free to reach out to us for a discussion on how we can help you.

Book a demo Download Quote

OTHER CYBERSECURITY BLOGS

The Strategic Shift: Eliminating Local Admin Rights to Secure Enterprise Environments

This blog examines eliminating local admin rights through the Job-To-Be-Done lens, highlighting customer pain points and proposing strategies for efficient Privileged Access Management.

The Risks of Traditional VPNs: Why Zero Day Vulnerabilities Are a Major Threat

In 2024, several high-profile VPN vendors have fallen victim to zero-day exploits, allowing attackers to gain unauthorized access to private networks. This blog delves into these incidents so we can understand how they affected some of the industry's leading companies.

Mitigating the Dangers of Traditional Remote Access Solutions

Remote access is essential for modern enterprises but can pose security risks due to outdated practices and limited monitoring. This blog explores traditional remote access dangers and effective mitigation strategies.

Live Webinar: Chicanes and Tunnels, Securing Remote Connectivity with Cloudflare

Learn how to navigate remote access security and accelerate towards a safer digital journey with insights from Cloudflare Product Manager, Abe Carryl, and Admin By Request COO, Jacob Buus, plus get a live Q&A with Kevin Magnussen, Formula 1 driver.

Preventing Ransomware: Practices and Technologies in Cyber Defense

In today's interconnected digital world, ransomware attacks pose a significant threat to organizations everywhere. However, with the right knowledge and tools, these threats can be mitigated and even prevented.

The 10 Biggest Ransomware Payouts of the 21st Century

Step into the high-stakes world of 21st-century cyber warfare, where ransomware attacks have evolved into a digital menace haunting organizations across the spectrum. Picture this: your valuable data held hostage, encrypted into a digital puzzle, and the only way out is a hefty ransom.

Healthcare Under Siege: 100 Hospitals Hit Amid Rising Attacks

Recent ransomware attacks on hospitals in Romania highlight the urgent need for healthcare organizations worldwide to strengthen their cybersecurity posture. With patient data at risk, proactive defense strategies are vital to safeguarding critical healthcare services.

Feature Focus: The Windows Client Interface

Dive into the core of the Admin By Request user interface with our latest Feature Focus blog, covering the Windows endpoint client. This series is aimed to equip IT Admins with the knowledge to train users and minimize support queries.

PAM for Dummies: What is Privileged Access Management?

Dive into the acronym-filled world of cybersecurity, where PAM (Privileged Access Management) takes center stage. In this blog, we demystify PAM – what it is, how it works, and why it's crucial in the ever-evolving landscape of cybersecurity.

VPN Vulnerabilities Exposed: Rethinking Remote Access

Explore the vulnerabilities exposed by the Ivanti VPN incident and discover why Admin By Request's Remote Access offers a superior alternative in the era of remote work.

Remote Access is Here

Remote Access is a feature-rich addition to Admin By Request Server Edition which eliminates the need to rely on traditional VPNs and jump servers while maintaining a secure and segregated setup. Here's what to expect.

Local Admin Rights: The Nitro Boost of IT

In IT, 'Nitro Boost' equates to local admin rights, offering a swift digital pace. Yet, like motorsports, it poses risks. EPAM emerges as a solution, ensuring security without compromising efficiency.

Decoding Admin Rights: An Everyday Comparison

Think of local admin rights as like having keys to your house, or a keycard to a restricted area in your establishment – just like a regular set of keys, local admin rights provide access and control.

Best Value and Ease of Use Awards 2023

Admin By Request has received the 2023 Best Ease of Use and Best Value badges from Gartner via verified reviewers on Capterra.

How do we use ChatGPT?

With our latest integration, the web-scraping capabilities of ChatGPT are available to administrators from within the Admin Portal.

Shields Up Cisas Cybersecurity Strengthening Campaign

As the USA’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyber attacks.

Privileged Access Management Just Got Personal

The terms ‘use case’ or ‘usage scenario’ are cold and soulless words and not a good representation of the type of work we do here. Introducing ‘Usage Persona’: a more human approach to use case scenarios.

Venus Ransomware Hits Healthcare

Initial infection via RDP, killing 39 processes, deleting event logs, then encryption - but all stages of the Venus ransomware attack can be prevented with the right tools.

Looking to get ISO Certified? We Can Help.

ISO certification is a mammoth process, but adopting an effective Privileged Access Management solution is a cost-effect and sure-fire way to tick off a number of controls and help get you over the line – while also providing comprehensive security for your entire enterprise.

ISO 27001: Certified

You've seen it before, but what does it actually entail? In a nutshell: security, sustainability, and continually improved products and services. Admin By Request is now ISO certified, and this is how it benefits your enterprise.

Data & Compliance: Ticking All Boxes

In today’s landscape of ever-increasing threats to privacy, cybersecurity tools need to be effective at solving the problem they’re designed for. But there is a second key question to be answered when considering a new cybersecurity product for your organization – is it compliant?

Finding the Balance Between Productivity and Security

The balance between productivity and security is unique to each organization – but at no point should either one compromise the other. Here's how Admin By Request can help.

Secure By Design Series - Part 2

In this blog, PowerON’s Steve Beaumont continues his delve into Admin By Request's Privileged Access Management (PAM) solution, this time focusing on sub-settings, application elevation tools, and auditing capabilities.

Dear Hacker, Better Luck Next Time.

There's no denying that hackers are good. We see this reflected in the frequent cyberattack stories that populate the news channels almost daily - most recently, the Lapsus$ attack on Okta. What we don't hear so much about? That Privileged Access Management software is better.

Revoke: No Big Deal, No Big Squeal

Adopting a less ‘pig-headed’ approach to removing Local Admin rights from staff will always return happier project outcomes.

LAPS for Autopilot device

This blog by Simon Hartmann Eriksen shares his experience with the LAPS-replacement feature, which is soon coming to macOS and Linux too.

Ransomware Comes a March-ing

March is almost upon us, and at the rate we’re going, so is another year of ransomware prevailing. Here’s an update on the ransomware scene so far in 2022 – and some predictions for where it’s headed in the future.

LAPS vs. Break Glass. You be the judge.

MS LAPS is a necessity and, like most necessities, only covers the bare minimum. That’s why we decided to take the necessary parts of LAPS and turn them into something much cooler. But hey - we’ll let you be the judge.

Adapting to the Threat-Landscape in 2022

The whole world has been left vulnerable amid the global Coronavirus pandemic, but at the same time there’s been a cybersecurity pandemic raging, with ransomware payouts repeatedly surpassing the $2 million mark. Safe to say, the two very different things are likely related.

Secure By Design Series - Part 1

In this blog, PowerON CTO Steve Beaumont weighs up the options available when it comes to managing local admin rights: the pros and cons of manually addressing the issue internally vs. implementing a Privileged Access Management (PAM) solution to do it for you.

New Year, New Plan; Secure your Endpoints

The disrupted past few years have made it very difficult to plan ahead. But valuable lessons learnt throughout 2020 and 2021 can be applied to help us plan for 2022 – not least, lessons on cybersecurity.

Time Flies when you're Getting Hacked

In 2021 it took organizations an average of 212 days to discover a data breach - that’s a long time compared to the 24-48 hours it takes a hacker to compromise domain admin once they’ve gained initial access to your system. Here’s how to disrupt the attack timeline so they can’t escalate up the ranks of privilege undetected.

Catching up with CoolUnite

The CoolUnite Foundation improves the lives of terminally ill and vulnerable children by collaborating with a range of organizations that provide support for them and their families. Here’s what they’re getting up to at the moment – and how you can get involved.

It's Time To Take MacOS Security Seriously

Despite contrary belief, security is a big problem for the modern Mac operating system. Admin By Request’s cross-platform solution can help you address this problem and get your Apples under control.

Auto Approval, In Case of Emergency

How to have your (ICE Cream) cake and eat it.

RDP: Exposed (…Literally)

Despite RDP being the number one attack vector used by cyber criminals, the protocol is being adopted increasingly across the globe as teleworking solidifies its place in working culture. If your organization can’t do without it, here’s a few tips on what you can do to keep your systems safe while using RDP.

Awake from your PrintNightmare!

Six options to deal with Microsoft’s PrintNightmare KB5005652

What's new in Admin By Request 7.1

Learn from the development team what is new in version 7.1 and what the thinking behind it is

Combating Common Ransomware Tactics

In the unrelenting battle of the good guys versus cybercriminals, ransomware perpetrators have come out swinging in 2021. This blog investigates the common behaviors of the latest attackers on the scene; what are their tried and tested tactics, and how can you combat them?

What's in the Box?

Unpack Admin By Request’s Privileged Access Management free plan and discover exactly what you can get your hands on – no strings attached.

Don’t Cut Corners while Running LAPS

Microsoft LAPS was released in 2015 with the main purpose of making it more difficult for hackers to spread across IT networks. This Infosecurity Magazine blog explains how Microsoft LAPS works and how it compares to Admin By Request.

Supporting Critically Ill Children's Charity: Team Rynkeby

Admin By Request is backing the "Team Rynkeby" cycling team, who raise money for organisations that support children with critical illnesses. Learn how your company can help too.

UAC: The Feature You Love to Hate

Although necessary, the user experience with Window’s User Account Control has never been smooth. Admin By Request adds flexibility to the UAC experience to provide a solution that achieves everything the Microsoft security tool aims for in a comprehensive, user-friendly solution straight out of the box.

What's new in Admin By Request 7

Learn from the development team what is new in version 7 and what the thinking behind it is

Support Assist Feature

Joymalya Basu Roy from Atos shows you everything you need to know about Support Assist

Version 7 Feature Review

Joymalya Basu Roy from Atos gives you his take on the new features in version 7 of Admin By Request

How Much Could You Lose Over a Data Breach?

The 2020 IBM Cost of a Data Breach Report reveals some alarming figures about data breaches. Take the right steps now to avoid your organization suffering a breach and becoming part of the statistics.

Are You Responsible for Losing the Mothership?

It doesn't matter how many high-tech defenses and security systems you have protecting your network – they can all be thwarted if you let hackers slip onto the Mothership via an administrator account.

Azure AD & MEM/Intune

How-to: Integrate Admin By Request with Azure AD & MEM/Intune. A walk-through by Atos Technical Architect Hubert Maslowski

REvil Ransomware Aims Below the Belt at Jack Daniel’s Maker, Brown-Forman

The latest victim of REvil ransomware is the alcohol parent company of Jack Daniel’s. Learn how Privileged Access Management could counter such attacks and give you the upper hand.

Post-Covid-19 and Remote Working Cyber Attacks: You’re Not as Worried as You Should Be

Remote Working Cyber Attacks are a big risk the world will be facing post-Covid-19 pandemic. This blog discusses why you should be concerned and how you can ensure your remote workforce is protected.

Forming a Double Line of Defense Against a RAT: Remote Access Trojan ‘Taidoor’

A 12-year old Remote Access Trojan (RAT) that first emerged from the depths in 2008 has now scurried out of its hiding place to spread a new strain of virus in 2020

Admin By Request Review

Using Admin By Request to manage Local Admin rights on Microsoft Azure AD Joined Windows 10 devices was a joy, writes Joymalya Basu Roy (MS Intune Architect, ATOS)

Easy Peasy Lemon Squeezy: Privileged Access Management Made Simple

Admin By Request takes the burden out of implementing a PAM solution and makes the task a quick and easy one. Here's how.

Snake Ransomware Sinks Teeth into Honda and Enel

Industrial companies Honda and Enel were recently attacked by Snake ransomware. Get a breakdown on the malware and see how Admin By Request prevents these attacks out of the box.

Pack the Essentials: The Minimum Cyber Security Requirements

Many countries have set out minimum cyber security requirements that government and other agencies should meet to ensure a common, high level of security. Learn how Admin By Request supports these requirements.

The Light at the End of the Funnel

Admin By Request tackles almost 100% of vulnerabilities within your network by managing local administrator rights and scanning files with 30+ anti-malware engines.

RobbinHood and His Not-So-Merry Malware

Learn about kernel-based malware and how managing privileged accounts and preventing privilege escalation combats this threat.

MetaDefender Cloud

This external blog from www.opswat.com talks about the integration between Admin By Request and OPSWAT's MetaDefender

Deadline Approaching? Stay Cool

Stay on task with a privileged access management solution that puts ease of use at the forefront of its system.

Deploying hi-rise security compliance to the home

8 reasons why Admin By Request is the ideal solution to deploy privilege management for the (work from home) masses

One MetaDefender to Rule Them All

Learn about how anti-virus software works and why a single solution is not effective enough to provide adequate cybersecurity.

How-to: Use PowerShell to Query Admin By Request

A step-by-step guide on how use Windows PowerShell to test functionality and get data from Admin By Request.

Admin By Request makes TeamViewer A Team Do-er!

How sealing the Apple Mac compliance 'air gap' also prevents Team-viewer remote support sessions from going pear shaped

Local Admin Rights Elevation, Served Three Ways!

A privilege management taster explaining our three main elevation modes, and the scenarios to use them

Local Admin: How To Revoke Without The Revolt!

The unique killer feature that ensures your rights revocation project runs without rebellion - only with Admin By Request

Sub Settings And Portal User Scopes Put To Work

Zero in on how using sub-settings and departmental delegation helps torpedo time wasting rights elevation help-desk support tickets

Tick Tock, Tick Tock! Cyber Privilege Access Management In No Time!

How Admin By Request enables you to comply with UK Cyber Essentials privilege management requirements