Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 68 Next »

AdminOnDemand 1.4 released May 11, 2022 - Document updated May 11, 2022

Description

AdminOnDemand allows standard users without local administrator permissions to execute EXE and MSI files with elevated privileges.

PreRequisites

User Account Control

 General

AdminOnDemand requires that User Account Control (UAC) is enabled and configured as described.

Configuration can be applied using Group Policy Objects (GPO) or Windows Registry Database (REGDB).

 Configuration

User Account Control: Run all administrators in Admin Approval Mode must be Enabled

GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode

REGDB: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\<EnableLUA>:1 (REG_DWORD)

User Account Control: Behavior of the elevation prompt for standard users must be Prompt for credentials or Prompt for credentials on the secure desktop.

GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard users

REGDB: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\<ConsentPromptBehaviorUser>:1 or 3 (REG_DWORD)

 Configuration Issues

If User Account Control is disabled, an “access denied” message is presented.

If User Account Control is enabled, but not configured correctly, a “blocking” message is presented.

User Experience

When users want to execute a process with elevated privileges, all they have to do is right-click the process and select “Run as AdminOnDemand”

If Informational Text is enabled it will be presented to the user.

If Confirmation Text is enabled it will be presented to the user and must be confirmed before proceeding.

Known Issues

Time Sync

 Click here to expand...

If the time on the device with AdminOnDemand is ahead of the time on the device used to view the dashboard, then the information on the dashboard is not presented accurately.

The issue will not affect devices where the time on the device with AdminOnDemand is behind the time on the device used to view the dashboard.

The issue will not affect devices where the time is not synchronized because of different time zones.

Example

The time on the device with AdminOnDemand is 15.30

The time on the device used to view the dashboard is 15.25

The information on the dashboard is not presented accurately before the time on the device used to view the dashboard is 15.30. This will cause a symptom of a 5-minute delay.

  • No labels