Click the “Download” top menu and register for a free plan. You will get a login, where you download an MSI file to install on your computers. Use these credentials to sign in at the top and set the settings as you like. After login, you will also see an audit log and a full software and hardware inventory of your clients. The mobile app is free.

When a user logs on, the account will be downgraded from Admin to User unless: You have unchecked the “Revoke admins rights” in the portal settings The user is in the list of excluded accounts in the portal settings The computer is domain joined and the user is domain admin Please refer to the Mac client technical details page for more information.

If you log on to a Mac that is not joined to Active Directory and expect the user account to be downgraded from Admin to User, but it doesn’t happen and the icon appears red in the toolbar, you are most likely hitting the “Last Admin Check”. You can confirm this by clicking the red icon. The intention of this check is to make sure you always have a service account. If you don’t have at least one admin account, you cannot change, modify or delete user accounts on the computer and you can never uninstall Admin By Request. If you use the “Revoke admins rights” option to revoke user rights, all user accounts will be downgraded from Admin to User, when they log on. In the portal settings, you can specify user accounts that are excluded. These would typically be service accounts for a Help Desk or similar. If no excluded accounts are specified and the machine is not joined to Active Directory, the revoke will not be executed for the last administrator and it falls under the “Last Admin Check”. Please refer to the Mac client technical details page for more information.

That is not a concern. When users get an administrator session, the user’s role is not actually changed from user to admin. The user is granted all administrator rights – except the right to add, modify or delete user accounts. Therefore, there is no case, where the user can create a new account or change its own role and become permanent administrator. The user can also not uninstall Admin By Request, as the only program, to keep the administrator session open forever. Furthermore, all settings, configuration and program files are monitored during administrator sessions. If the user tries to remove or change any of the Admin By Request files, these are restored right away.

Users can install programs requiring admin rights, install drivers and change system settings other than user administration. User cannot run sudo or add, remove or modify user accounts.

You would normally use subsettings for this. But you can also put overruling settings on machines to overrule portal settings. Refer to this page for instructions.

No. When users do not use the application, it does not consume resources, except for a brief daily inventory and settings check.

Run the uninstall program /Library/adminbyrequest/uninstall. The program cannot be run during an Admin By Request administrator session.

You can find the error log under /var/log/adminbyrequest.log.