262-299-4606 • Email us

Frequently asked questions

If your question is not answered here, feel free to contact us.
Click the "Download" top menu and register for a trial. The trial is 100% free and fully functional. You will get a login, where you download an MSI file to install on your test computers. Use these credentials to sign in at the top and set the settings as you like. After login, you will also see an audit log and a full software and hardware inventory of your clients.
If the computer is in a domain, Domain Users will be removed from the local administrators group right away. That is all that happens initially. When a user then logs on, the user will be removed from the local administrators group, if the user is an explicit member (not through a group). The reason all users are not just removed right away is to only remove accounts that are actually interactive user accounts and not accidentally remove any proprietary service accounts.
In licensed mode, nothing happens. In trial mode, revoked accounts will be put back in the local administrators group.
The administrators group will be snapshotted before the session starts and restored after the session ends. If the user tries to add other users or groups to the administrators group, these will simply be removed at the end of the session. If the user tried to uninstall Admin By Request during a session, Windows Installer will show an error message saying that Admin By Request cannot be uninstalled during an active session.
Domain groups (except Domain Users) are not removed from the local administrators group. This means that if a domain user logs on and is member of domain group that is in the local administrators group (for example a Help Desk domain group) the user is always local administrator. In this case the tray icon is red and hovering it, you can see the tool tip saying "You are logged on as administrator".
No. You can use a setting after sign in to allow elevation without approval. In this case, you still get the benefits of auditing; who elevated, when and an auditlog of installed software and executed applications. In auto-approval mode, you can (and should) require the user to document a reason for administrator elevation, which you can later use to cross-reference actual activity. You can (and should) also enable the Codes of Conduct message/screen that will appear just before the session starts. The Codes of Conduct is a screen/message that is used to inform the end user of company policy and penalties for abusing administrator elevation.
Yes. The most typical pattern we see for new customers is that they start with approval required. Then after an initial period, when the psychological effects on end users are clear and there is reassurance end users do not violate rules (see previous question), they shift to auto-approval mode combined with reason requirement and Codes of Conduct screen. This is the point, where the whole administrator access issue is truly solved, because now the system and administrator access rests with end users without any administration work on the server side.
No. When users do not use the application, it does not consume resources, except for a brief daily inventory and settings check.
This may be surprising, but no. The client is only required to have an occasional internet connection (like a guest WIFI anywhere). The reason is, clients will ask the cloud service roughly once a day for current settings. The client then knows your current rules in case the user needs to elevate offline. If you then have auto-approval on, the client will allow the user to become administrator temporarily and will queue the data locally, such as time, installed applications, executed exe files as administrator and so on. Once the client has an internet connection again, it will flush the queue to the cloud service and you will get all data. This means that the client works exactly the same being online or offline. The only difference is the time you get the reporting data in the cloud service.
In this case the client can not allow the elevation and you cannot see an approval request. The client will intelligently determine it is indeed offline and on the approval screen, a note will automatically appear telling the user the elevation can only happen, if the user either seeks an internet connection or, if not possible, contact IT and get a daily PIN code. The PIN code is a code the client and server know without having communication. The PIN code will appear in the left menu on computer details in the inventory, if you enable approval mode.
Absolutely not. This has always been a primary focus on the development side, because metered connections still exist in some places in the world and, if the connection is bad, we don't want to consume bandwidth. Inventory data is collected intelligently, so only delta data is collected. If nothing changes from day to day and the user does not request admin elevation, no traffic happens. The actual data transferred from the client to the cloud service is minimal. If you take a random client and divide the traffic from typical use for a month, divide by days, we are talking about 5K of data per day. Or said in another way, you can expect a thousand machines to consume only about 150 megabytes of bandwidth per month.
Please refer to our SLA & Compliance for more information.
Please refer to our SLA & Compliance for more information.
Please refer to our SLA & Compliance for more information.
First of all, consider the data that is actually stored. This is not banking information, it's mostly basic inventory data, software lists and timestamps of operations. The only data which is sensitive, are names of owners of computers to help you contact users. You have two options. One, is to fulfill the documentation requirements and keep this data in the service. In this case, use the contact menu and start a dialogue with us about your documentation needs to be compliant. – Two, in the settings area for clients, you can disable collection of user names, email addresses and phone numbers. You can also choose to obfuscate account names. If you enable all these options, there is no personal data on our service. If you enabled obfuscation, you will see a 32-byte alias of a user account that neither you or we can decode to an actual account name. This is of course impractical, because if you require approval, you are totally unaware who the user actually is and you have no way to contact the user. In approval mode, someone writes to you to do something on a machine. Can this work for you? If you think this is the way to go, we would recommend you download a trial and try it yourself with these settings. A compromise could also be a way to go - for example, collect the actual account name - but do not collect the full name, emails and phone numbers. You would have to revert to your own AD for contact info then.
You can distribute a policy key for each application that needs to run as administrator and thereby void the need for users to be permanent administrators. If this policy is set for the exe file, elevation happens automatically for this application only, regardless of other settings. Refer to the Policies top menu for more information.
You can overrule settings using Group Policy Objects, which would allow you to have different policies for different users or computers. Refer to the Policies top menu for more information.
You cannot install the workstation edition on a server. But you can install the Server version on a workstation.
When data is sent to the server, the sender IP address is cross-referenced to internet service provider (ISP) registration data. The expected accuracy is at a city level.
Yes. Once the machine is booted, you get the public IP address of the thief's router. The client does not require anyone to log on to a computer to upload data, so when the thief turns on the computer, the inventory data is sent transparently. You can now see the public IP address and upload time in your client view and give this to the police. The police can then get the name and address of the IP address owner from the thief's internet service provider (ISP).
The collected data associated with the computer is deleted. If the computer then turns out to be alive after all, the computer will show up again and upload inventory data.