262-299-4606info@srekait.com

Editions

This page explains the editions of Admin By Request.

Feel free to contact us using the top menu, if you have any questions about editions.
  Workstation Server
Administrator Access Lockdown
Hardware And Software Cloud Inventory
Administrators Group Cloud Inventory
Admins Group Cleanup
Admins Group Tampering Protection
Blacklist Applications
Auto-Elevation Of Legacy Applications
Multi-lingual Support
Group Policy Control (ADMX)
Elevation File Logging
Email Access Grant Flow
Elevated Session Cloud Auditing
Administrator Logon Cloud Auditing  
Support for Servers  

Features explained

Administrator Access Lockdown

Admin By Request allows you to permanently remove your users from the local administrators group on workstations and instead have them request a temporary time-limited administrator session. Refer to the How It Works page for more information.

Admins Group Cleanup

Admin By Request will remove Domain Users from the local administrators group and all local or domain accounts that logs on interactively that are not either administrator through a domain group or is the built-in administrators account. This is by default disabled on servers, but can be enabled through policies. Refer to the FAQ for more information.

Admins Group Tampering Protection

Admin By Request snapshots the administrators group, when a user is granted a temporary administrator session. If the user puts a user account or domain groups into the administrators group during an administrator session, these are removed, when the session ends.

Uninstall Protection

Admin By Request cannot be uninstalled during temporary administrator session. This prevents the user from keeping the temporary administrator session permanently by uninstalling the product.

Group Policy Control (ADMX)

In the portal on this web site, you define rules for approval of temporary administrator sessions. You can install a custom ADMX file in your environment to control these locally. This also allows you to add granularity by having different settings for different OUs through different Group Policies. You can also add blacklisting and whitelisting of applications through Group Polices. Refer to the Policies page for more information.

Blacklist and Auto-Elevation of Applications

Using Group Polices, you can create a list of applications you never want users to run, either permanently or only during administrator sessions. You can also add legacy applications that will auto-elevate to administrator privileges on start, which is sometimes the only reason administrator privileges cannot be removed from workstations. Refer to the Policies page for more information.

Multi-lingual Support

Admin By Request will automatically adapt to the operating system language of the user. Supported languages are English, German, Danish, Spanish and French.

Elevation File Logging

File logging will log to a log file, when a user is granted temporary administrator access and when the session ends.

Email Access Grant Flow

When a user requests an administrator session and you do not have auto-approval enabled, you receive an email in real-time with a link to approve of deny the request. The email notification ensures that the end user will not have to wait until someone logs in to the portal and check for administrator requests.

Elevation Cloud Auditing

When a user is granted an administrator session, the session is audited to this portal, meaning start end end time, user name and a delta of installed and uninstalled applications during the session. This allows you to cross-reference the reason the user gave to be granted the session with actual delta of applications on the machine during the administrator session.

Hardware And Software Cloud Inventory

You get a full hardware and software inventory in your cloud portal on this web site by installing Admin By Request on a machine, even if no one uses the application to request sessions.

Administrators Group Cloud Inventory

The members of the administrators group are collected as part of your inventory. This allows you to catch unexpected administrator accounts across your network in a simple flat view.

Administrator Logon Cloud Auditing

On servers, when any administrator logs on, the session is audited in the same way as an approved elevated temporary administrator session. The audit of elevated sessions combined with these administrator logons give you a complete central picture of all administrator access on your servers in real-time. On a server, the request access icon will not appear, except for users who are member of a specific domain group. This allows you to put for example external consultants in this group. When a normal user has a remote desktop session, the icon will not appear. An administrator will see a red icon and a member of this domain group will see the request administrator access icon, just like on a workstation. Then once the external consult is on the server, he has to request administrator access on a case-by-case basis instead of having permanent administrator rights.