By Development Team
What's new in Admin By Request 7.1
Version 7.1 is a continuation of the major release 7.0. We have had lots of great feedback from our customers and 7.1 is essentially a feature set based on customer feedback. We recommend all customers to upgrade to version 7.1, because it adds important new features and resolves some annoyances that customers have reported to us.
Right-click "Run As Administrator"
The new version 7.1 can now detect all files that require administrator permissions to run without users having to right-click and use “Run As Administrator”. Most of the time, Admin By Request was able to determine when users needed to run a file with administrative permissions (meaning without Admin By Request on an endpoint, the User Account Control (UAC) window would pop up). In some specific circumstances, there was still a need to right-click. These issues have been resolved and users no longer need to be aware of right-clicking to run an install file or similar.
When you use “Require Approval” (approval mode), your users are notified by email, when you approve or deny the request. This email still goes out, but the user is also notified by the application. Note that this is not a push mechanism. It is intentionally a pull request that runs in intervals, which means it’s not entirely real-time, but can be delayed by up to half a minute from when the request was approved or denied. The reason for this is that many of our customers have a policy to not allow any sort of push mechanism to endpoints for security reasons and therefore it’s a business decision not to use Firebase or similar to push these messages.
Under “Applications” in your portal settings, there is an new tab named “Tray Tools”. They allows you to customize a right-click tray menu to add tools for your end users. These could be links to Control Panel applets, web links or just handy applications that you refer your users to start from here.
Control Panel without an Administrator Session
However handy, the reason why the Tray Tools were introduced is to fix issues with the old Windows Control panel. The old Control Panel goes all the way back to Windows 95 and was made long before User Account Control (UAC) came along and for this reason, it is not always behaving correctly with UAC - which in turn means that Admin By Request can not always detect these in-line elevations inside the Control Panel. If you add links to the Control Panel from the Tray Tools, the elevation of the Control Panel works without an Administrator Session, because the process is initiated by Admin By Request. There is a pre-set "Quick add" list to add Device Manager, Network Adapter Settings, Add Printer and Uninstall Programs. You can then refer your users to the Tray Tools to use these shortcuts, voiding the need to grant them a full Administrator Session.
New About screen
The About screen has been totally redesigned. The About screen is used by your support staff and has been redesigned to be more user friendly and also to give space to more features in the About screen, which in reality is the service menu, where you can check connectivity, send diagnostics, use Support Assist, etc. If you missed what Support Assist ("Assistance") is, it allows your service staff to perform administrator tasks on the endpoint without the end user having to log off. The Auditlog will show both the end user and the servicing user for documentation.
Uninstall PIN Code
In most organizations, help desk users servicing endpoints have an option to get someone with a domain or azure administrator account to help, if there is a need to uninstall Admin By Request for what-ever reason. If that is not the case, Admin By Request can be uninstalled with a 10 digit PIN code. We have intentionally not added an option to uninstall Admin By Request from the portal, because doing so by mistake or with malicious intent could have hard consequences. The thinking behind this is that you need both access to the end point AND access to the portal to be able to uninstall without a domain or azure administrator account.
The Uninstall PIN Code can be found in the 5th About left-menu named “System”. It is called “System” to not encourage users to try to uninstall the software. The uninstall PIN code can be generated in the inventory on a machine and is 10 digits. There is no PIN code unless someone generates one in the portal.
Regardless, if a portal user actually generated such a PIN code or not, the endpoint behaves the same to not give away whether it's possible or not. If the user tries to brute force the PIN code, it will simply return “wrong PIN code” for the next 24 hours no matter what. This means it will statistically take 1.3 million years to brute force the PIN code - if you knew there even was one.
Windows 10 Enterprise for Virtual Desktops
The Virtual Desktops edition of Windows 10 is a workstation edition that behaves like a server that is typically provisioned through Microsoft Azure. The server edition of Admin By Request can now detect this special version of Windows 10 and fully support the multi-user environment.
Version 7.0 had compatibility issues with a few specific applications that were reported through support tickets, such as CodeSys' module updater and Acronis installer. These have all been resolved.
The inventory now includes a flag to show, if Bitlocker is enabled or not. You can filter the inventory to check, if all your endpoints are encrypted.