Requesting Privilege escalation (admin status)

User Guide: Requesting Elevated Access with Heimdal PAM

Welcome to the Heimdal PAM user guide! This document will help you understand how to request elevated access to executables, programs, or files in a user-friendly manner. Follow the steps below to ensure a smooth experience.

Overview

All non pre-approved personnel must adhere to the Heimdal PAM policy, which requires approval for any elevated access. Here’s how the process works:

Request Privileged Access: The end user must first request access.
IT Approval: IT will review and approve the request.
Automatic Granting: Once approved, access is automatically granted to the endpoint.

1. Run with Admin Privileges

The Run with Admin Privileges feature allows you to run a single file or executable in an elevated state on a one-time basis.

How to Use:

Right-Click the Executable: Locate the executable file you wish to run.
Select the Option: In the context menu, click on Run with Admin Privileges.
Provide a Reason: You will be prompted to supply a reason for the request along with your email.
Access Granted: The requested access will be accepted instantly, and you will receive an alert along with the execution of the file.
Confirmation Popup: After clicking Start Now, a popup will inform you that the file has been elevated.

2. Administrator Session

The Administrator Session feature allows users to gain elevated access for a specific number of minutes to run applications or processes with Administrator rights.

How to Use:

Request Elevation: You can request elevation from the HEIMDAL Agent by pressing the Elevate button or by right-clicking the Heimdal icon in the System Tray and selecting Request admin rights.
Provide a Reason: You will be prompted to supply a reason for the request along with your email.
IT Approval: Once your request has been approved by IT, you will receive a notification to start your Administrator session.

Conclusion

By following these steps, you can easily request elevated access using the Heimdal PAM system. If you have any questions or need further assistance, please reach out to your IT department. Happy computing!

All non pre-approved personnel will sit under the Heimdal PAM policy which requires approval for any elevated access to executables, programs or files. This means the end user most first request privileged access, IT must then approve it, the access is then automatically granted to the endpoint.

Run with Admin Privileges – This option allows you to run a single file/executable on a one-time basis in an elevated state.

The Run with Admin Privileges feature allows the user to right-click an executable file.

To do this simply right click the executable file and you will see a listed option within the context menu “Run with Admin Privileges –

A screenshot of a computerDescription automatically generated

You will then be prompted to supply a reason for the request along with your email –

The requested access will then automatically be accepted instantly, and you will be alerted to the below along with the execution of the file requested –

After clicking Start Now, the below popup will appear to inform the user that the file has been elevated.

A close-up of a computer screenDescription automatically generated

Administrator Session

The Administrator Session feature allows the user who is requesting elevation to get elevated for a specific number of minutes to run applications/processes with Administrator rights. When an Administrator Session elevation is started, the requesting user is temporarily promoted as a member of the local Administrators group (this feature supports computers managed through Azure Active Directory, Active Directory, or hybrid setups). This will ensure that the user can use his/her own credentials (username and password) to run processes/applications. To run a process/application with Administrator rights, you need to right-click the executable file and click Run as Administrator (just like you would if your user were already an Administrator), and when you get prompted by the UAC, you need to type in your user credentials (because your user has been temporarily elevated to Administrator level).

The Administrator session will run for a selected period of time configured within the Heimdal Policy, this is currently set to 10 minutes but can be adjusted.

Elevations can be requested from the HEIMDAL Agent by pressing the Elevate button, or by going into the System Tray and by right-clicking the Heimdal icon and selecting Request admin rights -

You will then be prompted to supply a reason for the request along with your email –

Once the request has been approved by IT, you will receive the below to start your administration session –