Using Tray Tools

Tray Tools are items that appear when you click the Admin By Request system tray icon:

The items in the list of tools can be executable programs (or apps), web links with instructions, Control Panel applets or program shortcuts. They are generally tools that perform useful, routine tasks that have been pre-approved and thus do not require requests for administrator access.

NOTE:

• The Tools menu shown in the image is what a Standard User sees - an Administrator has no need of pre-approved access to tools and so the menu is not shown to users logged in as administrators.

• The IT administration team uses the portal to add or remove items from the Tools list.

Refer to Tray Tools Settings for information on configuring Tray Tools.

Using Run As Admin

Run As Admin (also known as App Elevation) allows for the elevation of a single application.

This capability negates the need for users to initiate an Admin Session. Elevating privileges for execution of a single file is the much safer option compared to elevating the user’s privileges across the endpoint.

A standard user executing a program that requires elevated privileges to install initiates the following sequence of events::

1. Download the file for installation.

2. Start the installation by right-clicking and selecting Run as Administrator:
   

3: Admin By Request suspends installation and asks for phone, email, and reason. Enter these details and click OK to continue:

4: A notification now advises that the request for approval has been sent:

5: When the request is approved, a further notification advises the request has been approved:

6: Now the installer has the elevated privileges required to run - click Yes to start authorized installation with elevated privileges.

The elevated privileges last only for the duration of the install and apply only to the particular application or package authorized.

Check the audit log in the portal for details on the user, the endpoint, the application run and Run As Admin Settings for information on configuring Run As Admin.

Submitting a request for administrator access is the primary mechanism for gaining elevated privileges.

A standard user making this selection initiates the following sequence of events.

1. An empty Request Administrator Access form appears:
   

2: The user enters email, phone and reason information into the form and clicks OK.

NOTE:

Settings in the portal control the full extent of what is displayed to the user:

• If Code of Conduct is enabled, the user must acknowledge a Code of Conduct pop-up to continue (Portal > Settings > Workstation Settings > Windows Settings > Endpoint > INSTRUCTIONS).

• If Require approval is OFF, the approval steps are skipped (Portal > Settings > Workstation Settings > Windows Settings > Authorization > AUTHORIZATION > Admin Session).

3: The request is submitted to the IT administration team and the user is advised accordingly:

4: The IT administration team is notified via the Admin By Request portal that a new request for administrator access has arrived.

The following example shows how two new requests might appear in the portal:

5: One of the team either approves or denies the request. If approved, the user is advised accordingly:

6: The user clicks Yes, which starts the session and displays a countdown timer:

7: The duration of an admin session is set via the portal (15 minutes in this example) and the countdown timer ticks down to zero, at which time the session ends. The user can optionally end the session at any time once it has started by clicking Finish.