Editions

This page explains the editions of Admin By Request.

Feel free to contact us using the "Contact" top menu, if you have any questions about editions.

	Workstation Mac	Workstation Windows	Server Windows
Administrator Access Lockdown
Tampering Protection
Local Admins Group Cleanup
Local Admins Group Protection
Email Approval Flow
Elevated Session Cloud Auditing
Hardware And Software Cloud Inventory
administrator's group Cloud Inventory
PIN Code Offline Elevation
Block Applications
Multi-lingual Support
Group Policy Control (ADMX)
Administrator Logon Cloud Auditing
Support for Servers

Features explained

Administrator Access Lockdown

Admin By Request allows you to permanently remove your users administrator rights and instead have users request a temporary real-time time-limited administrator session. Refer to the How It Works page for more details.
Windows: Users are removed from the local administrator's group at logon.
Mac: Users are downgraded from admin role to user role.

Tampering Protection

The user is limited to install software and perform trivial tasks. The user cannot change local users or tamper the system during an administrator session. Furthermore, Admin By Request cannot be uninstalled during temporary administrator session. This prevents the user from keeping the temporary administrator session permanently by uninstalling the product.

Local Admins Group Cleanup

Windows: Admin By Request will remove Domain Users from the local administrator's group and all local or domain accounts that logs on interactively that are not either administrator through a domain group or is the built-in administrators account. This is by default disabled on servers, but can be enabled through policies.
Mac: User's admin role will be downgraded to user role and granted certain rights during an administrator session without getting the full privileges of an Admin. Refer to the FAQ for more information.

Local Admins Group Protection

Windows: Admin By Request snapshots the administrator's group, when a user is granted a temporary administrator session. If the user puts a user account or domain groups into the administrator's group during an administrator session,
Mac: On Mac the version, this problem does not exist in the same way, because the user is not really promoted to be a full administrator. The user can during an administrator sessions do everything - except change, add or modify user accounts.

Group Policy Control (ADMX)

In the portal on this web site, you define rules for approval of temporary administrator sessions. You can install a custom ADMX file in your environment to control these locally. This also allows you to add granularity by having different settings for different OUs through different Group Policies. You can also add blocking and pre-approval of applications through Group Polices. Refer to the Policies page for more information.

Blocking and Auto-Elevation of Applications

Using Group Polices, you can create a list of applications you never want users to run, either permanently or only during administrator sessions. Refer to the Policies page for more information.

Multi-lingual Support

Admin By Request will automatically adapt to the operating system language of the user. Supported languages are English, German, Spanish, French, Danish, Swedish, Norwegian, Dutch, Italian, Korean, Chinese, Polish and Russian.

Elevation File Logging

File logging will log to a log file, when a user is granted temporary administrator access and when the session ends.

Email Approval Flow

When a user requests an administrator session and you do not have auto-approval enabled, you receive an email in real-time with a link to approve of deny the request. The email notification ensures that the end user will not have to wait until someone logs in to the portal and check for administrator requests.

Elevation Cloud Auditing

When a user is granted an administrator session, the session is audited to the portal, meaning start end end time, user name and a delta of installed and uninstalled applications during the session. This allows you to cross-reference the reason the user gave to be granted the session with actual delta of applications on the machine during the administrator session.

Hardware And Software Cloud Inventory

You get a full hardware and software inventory in your cloud portal on this web site by installing Admin By Request on a machine, even if no one uses the application to request sessions.

PIN code elevation

In case approval mode is enabled and a computer is without internet connection, as PIN code can be granted to elevate offline. Refer to this page for more information.

administrator's group Cloud Inventory

The members of the administrator's group are collected as part of your inventory. This allows you to catch unexpected administrator accounts across your network in a simple flat view.

Administrator Logon Cloud Auditing

On servers, when any administrator logs on, the session is audited in the same way as an approved elevated temporary administrator session. The audit of elevated sessions combined with these administrator logons give you a complete central picture of all administrator access on your servers in real-time. On a server, the request access icon will not appear, except for users who are member of a specific domain group. This allows you to put for example external consultants in this group. When a normal user has a remote desktop session, the icon will not appear. An administrator will see a red icon and a member of this domain group will see the request administrator access icon, just like on a workstation. Then once the external consult is on the server, he has to request administrator access on a case-by-case basis instead of having permanent administrator rights.