Frequently asked questions

If your question is not answered here, feel free to contact us.

Frequently asked questions

Q: How do I get started?

Click the "Download" menu and register for a trial. You will get a login, where you download an MSI file to install on your test computers. Then go to "My Account" to make configurations and/or "My Computers" to find your clients. If you later license the product, we will simply upgrade your account from trial to licensed.

Q: What happens to the local administrators group, when I install the client?

If the computer is in a domain, Domain Users will be removed from the local administrators group right away. That is all that happens initially. When a user then logs on, the user will be removed from the local administrators group, if the user is an explicit member (not through a group). The reason all users are not just removed right away is to only remove accounts that are actually interactive user accounts.

Q: What happens to the local administrators group, when I uninstall the client?

In licensed mode, nothing happens. In trial mode, revoked accounts will be put back in the local administrators group.

Q: How can I prevent users from temparing the software and become permanent administrator?

The administrators group will be snapshotted before the session start and restored after session end. If the user tries to add other users or groups to the administrators group, these will simply be removed at the end of the session. If the user tried to uninstall Admin By Request during a session, Windows Installer will show an error message saying that Admin By Request cannot be uninstalled during an active session.

Q: How can we keep some domain users as local administrators?

Domain groups other than Domain Users are not removed from the local administrators group. This means that if a domain user logs on and is member of domain group that is in the local administrators group (for example a Help Desk domain group) the user is always local administrator.

Q: Do I need to approve each and every time a user wants administrator access?

No. You can use a setting under "My Account" to allow elevation without approval. In this case, you still get the benefits of auditing who elevated when and you still have a log of installed software.

Q: I have legacy applications that prevent us from removing users from the local admins group. How to handle that?

You can distribute a policy key for each application that needs to run as administrator and thereby void the need for users to be permanent administrators. If this policy is set for the exe file, elevation happens automatically for this application only, regardless of other settings. Refer to the Policies top menu for more information.

Q: What if I need more complex group/OU rules?

You can overrule settings using Group Policy Objects, which would allow you to have different policies for different users or computers. Refer to the Policies top menu for more information.

Q: Can I install the Workstation edition on servers and Server edition on workstations?

You cannot installed the workstation edition on a server. But you can install the Server version on a workstation.

Q: What if my company does not allow any data in the cloud?

You can use the Core version. This version does not report anything to the cloud service. If you have a different edition, you can disable the cloud service (this web site) entirely and control everything by Group Policy Objects. Using an "Offline Mode" policy disables inventory and configuration and then all configuration must be done using policies. Anything you can do under "My Account", you can do with policies. Refer to the Policies top menu for more information.

Q: Is an internet connection required?

Yes and no. If the client has internet, the client can check, if you have approved the administrator request. If the client does not have an internet connection, you need to give the PIN code to the user for offline elevation. A PIN code is good for the current day and will change daily. Once the client gets internet, auditing data will be uploaded. If autoapproval is set by policies, an internet is never required.

Q: Does it consume internet connection bandwidth?

Yes, but only marginal. Elevation request are very small. Inventory data will consume about 25 kilobytes of internet bandwidth per month. Or said another way - 1000 computers will upload only 25 megabytes of data per month. This low consumption is possible because data is sent only once a day and only when there are changes. If there was no software installed or removed from the previous day for example, no software data is uploaded. In addition, the data is compressed.

Q: Can a third party get my inventory data?

No. data is encrypted and compressed. It can only happen, if you give your logon credentials to someone else.

Q: Should I be concerned about performance impact on my machines?

No. When you do not use the application, it does not consume any resources at all.

Q: How can you possibly know where my computers are?

When data is sent to the server, it happens over HTTPS. The IP address of the sender's NAT router is part of the protocol and this information is cross-referenced to internet service provider (ISP) registration data. The expected accuracy is at a city level.

Q: Can it help me with stolen computers?

Yes. You get the public IP address of the thief's router. The client does not require anyone to log on to a computer to upload data, so when the thief turns on the computer, the inventory data is sent transparently. You can now see the public IP address and upload time in your client view and give to the police. The police can then get the name and address of the IP address owner from the thief's internet service provider (ISP).

Q: What happens when I delete a computer?

The collected data associated with the computer is deleted. If the computer then turns out to be alive after all, the computer will show up again next time it uploads inventory data.