
Privilege elevation for Windows users with Self Service

Organizations often prefer that employees operate with standard accounts on corporate-owned devices. However, standard users often lack the privileges needed to carry out essential tasks such as installing approved applications or updating drivers.

To address this challenge, Hexnode offers a Self Service feature that allows IT administrators to grant temporary administrator privileges to standard users. This document helps you define a Self Service policy for Windows devices from the Hexnode UEM console.

Prerequisite: Ensure that both the Hexnode Service (Agent) App and the Hexnode UEM app are updated to their latest versions on the devices for effective functioning of the feature.

Deploy Self Service policy

The Self Service policy must be defined by the IT administrators from the Hexnode console and then associated with the devices on which the privilege elevation should be allowed. Only standard user accounts on those targeted devices can elevate their privileges temporarily as defined by the policy, thereby ensuring administrative access is granted in a secure manner.

Steps to configure the policy:

  1. Log in to the Hexnode UEM.
  2. Navigate to Policies > New Policy.
  3. Choose the platform as Windows and click Next.
  4. Choose Enterprise and then click Next.
  5. Provide a policy name and description.
  6. Go to Configurations > Self Service.
  7. Click on Configure. Then, check the boxes required.
    • Allow user to elevate standard account to administrator: Enabling this option allows the standard user on the device to temporarily elevate their privilege as an administrator.
    • Set the time period for administrator privileges: You can set the time period for a standard user account to elevate their privilege as an administrator. For example, if the time limit is set as 3 minutes, then the user can be an admin for only 3 minutes and will be automatically reverted to standard user past the specified duration.

      Note: The time period that can be set for a Self Service action ranges from 1 to 10 minutes.

    • Set a limit for the maximum number of times the user account can be elevated in a day: Once you enable this setting, it limits the number of times any standard account can elevate the privileges within a 24-hour period.
    • Maximum limit: By setting up a number, you can control how many times a user can switch their standard account to administrator privileges. For example, if the limit is set as 2, then the user will be restricted to a maximum of 2 elevations within a day.

      Note: The daily usage limit, i.e., how many times this provision can be granted to a user per day, can be configured between 1 and 25 times.

  8. Move to Policy Targets.
  9. Add your target device/device groups/users/user groups/domains/OUs with the policy. Then click OK.
  10. Click Save.

Self Service policy for Windows device configured in Hexnode UEM portal.

How can Standard users elevate their privileges from Windows devices?

While the initial Self Service settings are configured by the administrator through the policies in the Hexnode UEM console, the user initiates the actual request for elevation of privileges. The process of elevation is started by the end-user directly on their Windows device using a locally installed Hexnode UEM application.

Once the policy is applied:

  1. Open the Hexnode UEM app on the user device.
  2. From the left side menu, select Self Service.
  3. Click Elevate to gain admin privileges.
  4. A notification will appear if the elevation is successful, showing a confirmation message and the duration of elevated access.
  5. Admin privileges will be automatically revoked after the configured time.

Privilege elevation as administrator for the standard user account.
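
To confirm on a device that elevated sessions end within the policy window and stay under the daily limit, an administrator can review changes to the local Administrators group in the Security event log. The script below is an added example, not Hexnode code; it assumes that elevation and revocation are recorded as events 4732 and 4733 for BUILTIN\Administrators, and its parameter names are hypothetical.

```powershell
# Added example, not Hexnode code. Assumption: elevation and revocation show up
# as Security events 4732/4733 (member added to / removed from a local group)
# for BUILTIN\Administrators. Needs "Audit Security Group Management" enabled
# and an elevated session to read the Security log.
param(
    [int]$MaxMinutes    = 10,  # time period set in the policy (page: 1 to 10)
    [int]$MaxPerDay     = 25,  # daily limit set in the policy (page: 1 to 25)
    [int]$LookbackHours = 24
)
$adminsSid = 'S-1-5-32-544'    # well-known SID of BUILTIN\Administrators
$filter = @{ LogName = 'Security'; Id = 4732, 4733
             StartTime = (Get-Date).AddHours(-$LookbackHours) }

# Reduce each event to (time, id, member SID), keeping only Administrators changes.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated | ForEach-Object {
        $evt = $_; $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['TargetSid'] -eq $adminsSid) {
            [pscustomobject]@{ Time = $evt.TimeCreated; Id = $evt.Id; Member = $data['MemberSid'] }
        }
    })

# Pair each add with the next removal for the same SID and measure the window.
$open = @{}
$findings = @(foreach ($e in $events) {
    if ($e.Id -eq 4732) { $open[$e.Member] = $e.Time; continue }
    if (-not $open.ContainsKey($e.Member)) { continue }   # removal without a tracked add
    $mins = ($e.Time - $open[$e.Member]).TotalMinutes
    $open.Remove($e.Member)
    if ($mins -gt $MaxMinutes) {
        [pscustomobject]@{ Member = $e.Member; Issue = "admin for $([math]::Round($mins, 1)) min" }
    }
})
# Adds with no removal yet that are already older than the policy window.
$findings += @(foreach ($sid in $open.Keys) {
    if (((Get-Date) - $open[$sid]).TotalMinutes -gt $MaxMinutes) {
        [pscustomobject]@{ Member = $sid; Issue = "no removal since $($open[$sid])" }
    }
})
# Accounts added more often than the daily limit allows.
$findings += @($events | Where-Object Id -eq 4732 | Group-Object Member |
    Where-Object Count -gt $MaxPerDay | ForEach-Object {
        [pscustomobject]@{ Member = $_.Name; Issue = "$($_.Count) elevations in window" }
    })
$findings | Format-Table -AutoSize
```

An empty result means every Administrators membership change seen in the lookback window stayed within the values passed in; set the parameters to match the values configured in the policy.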

Frequently Asked Questions

  1. What are all the possible causes for the ‘Elevate’ button to be greyed out in the Hexnode UEM app?

    The ‘Elevate’ button will be greyed out under the following cases:

    • If the user is already an administrator.
    • If the maximum account elevation limit has been exhausted for the day.
  2. Should the user authenticate for privilege elevation with Self Service?

    No, the privilege elevation process doesn’t require user authentication.

  3. Can any user on the device utilize privilege elevation with Self Service?

    Yes. All standard users on the same device can use this feature independently. The time limit and daily elevation limit configured are tracked and applied separately for each user account on that device.

  4. What should the user do if they can’t see the Self Service tab in the Hexnode UEM app?

    The user should ensure that the Hexnode UEM app installed on the device is updated to its latest available version.
