The value proposition

You are probably reading this, because you know you have a problem. Either your company allows users to maintain local administrator rights or you have to do countless remote installs. We can solve this for you with little effort and at the same time free up your IT resources.

We have customers with tens of thousands of users, who have tried to implement whitelisting solutions, but failed and came to us, because this way you can only see the world in retrospect. Your users will hate you for blocking their workday. Even with unlimited resources, no one can predict what your users need today. Instead of speculating on this by creating whitelists ahead of time, Admin By Request works proactively the other way around. If your user starts to install software, the client software intercepts this and installs the software with a full audit trail without the user being administrator. It's like the self-checkout at the supermarket.

It is also safer than traditional whitelisting solutions, because an administrator whitelisting a file doesn't mean it is safe. We real-time scan files with more than 20 anti-virus engines before allowing a file to run with administrative privileges.

Nothing needs to be installed or changed on-premise. Users do not need to be re-educated and no one in IT has to spent endless hours on whitelists or remote installs. All you have to do is to deploy the client software. This ease of use is why we are the fastest growing PAM solution in the world. Let us show you - request a demo today.

Request a free demo

Gartner names Privileged Access Management (PAM) the top project to reduce cybersecurity risks

Privileged accounts (or administrative or highly empowered accounts) are attractive targets for attackers. A PAM project will highlight necessary controls to apply to protect these accounts, which should be prioritized via a risk-based approach. PAM projects should cover human and nonhuman system accounts and support a combination of on-premises, cloud and hybrid environments, as well as APIs for automation.

Sandboxed software installs

In most cases, users need admin rights to install or update software, such as Adobe Reader, Visual Studio or VPN software. In essence, the tricky part about revoking local admin rights is to do it in a way that doesn't break your users' productivity, while at the same time solving your problem of locking down local admin rights. That's what Admin By Request does for you.

When a user starts an install, the process is intercepted and the user has to enter a reason, email and phone number to continue. You can set to automatically approve for some users and require IT approval for others. The video link shows the user experience with IT approval on.

The true value of this approach is not a technical one. Users do the same as they have always done, but they don't have admin rights to change anything on the machine. Because users do the same as they have always done, no users are unhappy and no re-education of users is needed - it just seamlessly fits into their everyday worklife. Think about the value of being able to seamlessly revoke admin rights without having to re-educate all your users.

Knock, knock. Who’s malware?

Oh! The elephant in the room. Don't worry. We got your back. When users request to run a file with admin privileges, we real-time scan the file with more than 20 anti-virus engines. This gives you assurance that the file is safe.

Malware is often hidden in "too good to be true" freebies, such as free PDF generators, ISO tools or cleaner tools that your users are tempted to run. We use OPSWAT's MetaDefender technology to make sure your users are blocked from running any malware with administrative privileges before the damage is done.

Administrator session

Some expert users, such as developers, may have a need to install a bulk of software or do advanced tasks like modifying computer settings. You can allow some users to request a protected administrator session that grants the user temporary administrator rights under full audit.

The user will see a timer in the lower right corner on their Windows or Mac computer. Once the user either stops the timer or the time runs out, data about the session will be uploaded to the portal. You can then see which software was installed or uninstalled and which applications were run UAC elevated during the session. Admin By Request protects the computer during the session from tampering, such as users trying to outsmart the system by adding new local users or removing Admin By Request.

Watch Video

Easy Configuration

Configuration is super easy. All you have to do is to log into your portal account and configure. You can differentiate all settings for users or computers based on their Active Directory groups or Organizational Unit. If you are using Azure AD only, you can filter by Azure groups.

Request Admin right window

The mobile app

The mobile app makes it easy for your team to approve requests. A request for privileges will be pushed real-time to your administrator phones. The mobile app also gives you your full audit log and inventory right in your pocket without having to go to the portal for data.

More info

Keeping on top of things

The audit log and reporting tools put you in the front seat of the whole operation. You can extract anything real-time, such as seeing a graphical representation of how many requests and elevations are going on right now.

Like what you see?

Feel free to reach out to us for a discussion on how we can help you.

Book a demo Download trial Quote