Lars Olsen, Consultant

Imagine this nightmare scenario: Every user in your organization is local administrator on their computer! I don’t have to explain the constant danger that lurks behind every click the user makes when they check their email og browse the internet. You probably already know that local administrator rights should be avoided or kept to an absolute minimum, but to keep the users happy they get to keep their rights. 

Why would any IT department want that? “Because that’s the easiest way to install software or printers – and we don’t have time to package everything”. 

What else could you do to minimize the threat from the big bad internet? 

The easiest way to do this, would be to cut the internet connection, and turn of every computer in the company. This, of cause would have implications on the productivity, and the employees would probably think your decision was rather stupid. 

To implement User Account Control and remove the employee’s ability be local administrators are a little less drastic change, and probably easier to digest than the alternative above. 

Unfortunately, every company has a group of users, or a certain employee type that require local administrator rights to perform their jobs. As an example, I could mention the developer type employee, who constantly is updating or adding features to their development tools. 

These sorts of users can become quite a burden for the software packaging team in your IT department, and what usually happens, is that the developers become permanent local admins on their computers. 

The developers are probably not the users you should fear the most – what about a stressed out customer service employee or the CEO secretary who opens a spear phishing mail and clicks on a malware infested URL. That’s where things get out of control very fast if the user is local administrator. 

The solution 

As an alternative solution what if users could elevate applications and install software with your permission? 

Introducing AdminOnDemand – a Privileged Access Management (PAM) tool and a part of CapaSystems CapaOne solution. 

With AdminOnDemand you can easily assign local administrator rights based on different methods, such as Active Directory group membership or local group membership or assign a user local administrator rights on a single computer. 

There is even an option to assign a global local administrator. 

Living on the edge

For a computer to be able to receive an AdminOnDemand configuration, it needs to be tagged. A computer can be tagged with as many tags as you wish. 

Tags are applied in the devices list, where filters can be applied the devices list to single out exactly the computers you need to tag. The filters can be based on many different criteria’s, such as computer name, hardware information and software installed on the computer. 

The search filters are an extremely powerful tool, you can even create a list of computers with batteries that have a poor maximum capacity. 

When the computer is tagged and a configuration is applied to that tag, the user can start elevating MSI or EXE files. 

How does it work 

To use the AdminOnDemand privileged access management solution to run or install a program, the user must right click on the file and select “Run as AdminOnDemand”. At this moment the user is authorized through either Active Directory group or local group membership or via the relationship to the computer or whether the user has global administrator rights. This makes changes to the configurations work instantly, because the user is authenticated on their elevation request. 

The user is presented with a warning that actions are logged when a program or installer is elevated. 

The user is now presented with a User Account Control prompt, here they must type in their own credentials and password. 

Logging of user actions is instantly sent to the CapaOne Portal, and a dashboard shows you which programs have been installed, and how many times. The dashboard also displays which applications are elevated and a list of the users who requests local administrator rights. 

Every graph in the dashboard is clickable – this means that you can do a deep dive into the information very fast. 

If you click on an application in the graph, you will be able to see who has installed the application and on what computer and when it happened. 

If you want to analyze what the most active users are doing when elevated that is also possible – just click on the graph with their name next to it. 

If a user is elevating a Command prompt, the actions done inside the prompt is also logged. 

A change for the better 

Going from being local administrator, to not having any rights on the computer might be a big change to the users in your organization, and you might get a few complains about your decision. To make the transmission easier on the users, why not assign everyone in the organization local administrators rights through the privileged access management tool AdminOnDemand? The users would have the same rights as before, but they might think twice before installing non work related software. 

And as a bonus you get to see what the users are installing through our extensive logging methods. 

You can use all this logging information to your advantage in your software packaging team. It might be a good idea to package the most installed programs. 

With privileged access management solution AdminOnDemand you’ve got the perfect tool to help your users and keep the client platform secure at the same time. 

Download the free Whitepaper

 

"From operations to strategy"

 

You’re very likely facing this every day—a requirement for increased automation throughout the organization in order to raise competitiveness and also increase user satisfaction. That’s a difficult balancing act, and only few people succeed.

 

Download the free Whitepaper from CapaSystems and read more...

Thank you for signing up. You will receive a link to our free Whitepaper in your inbox.

Download the free Whitepaper regarding Digital Employee Analytics

 

"Employees are (also) the real success factor in the digital era"

 

In today’s digital world, employees build their careers on the ever-changing opportunities presented to them. So, competitiveness requires more from companies than ever before — you need to present your corporation as attractive as possible to existing as well as future employees.

Therefore, you need to incorporate the Employee Experience, which includes all aspects of the relation between the employee and the employer.

 

Download the free Whitepaper from CapaSystems and read more...

Thank you for signing up. You will receive a link to our free Whitepaper in your inbox.

Download the free Whitepaper

 

"How to select the right software provider"

 

Software providers abound, and very likely they will call you again and again wanting to present their solutions.

CapaSystems has made a brief guide with concrete advice on what you need to be aware of when you contemplate switching software providers or wish to integrate a new system in your organization.

 

Download the free Whitepaper from CapaSystems and read more...

Thank you for signing up. You will receive a link to our free Whitepaper in your inbox.

Download a free Whitepaper regarding the CIOs role in the future

 

"CIO as business developer"

 

It is crucial that businesses’ CIOs are able to identify, select and evaluate the IT services that provide maximum insight and increase growth and productivity. That requires tools that provide up-to-date operational insight into services’ functionality and stability.

 

Download the free Whitepaper from CapaSystems and read more...

Thank you for signing up. You will receive a link to our free Whitepaper in your inbox.

User Experience

Download free whitepaper regarding performance issues and end user simulation

 

"Solve your performance issues with end user simulation"

 

A recent study showed that Danish employees waste an average of 144 hours a year on slow computers. To a company of 500 employees, that is hundreds of thousands of Danish kroner. This whitepaper describes how you can minimise waiting time by having your IT provider comply with your service agreements.

 

Download the free Whitepaper from CapaSystems and read more...

Thank you for signing up. You will receive a link to our free Whitepaper in your inbox.

Download free Whitepaper from CapaSystems regarding performance issues and how to awoid wasting time

 

"Analyze infrastructure and use time efficiently"

 

Performance problems and long login times can easily cost businesses and organizations time that corresponds to several full-time jobs every year. It can be hard to identify the roots of the problems with traditional solutions.

End-user performance monitoring, however, provides an overview that covers the entire infra-structure – from end users to network and server applications. That provides an accurate, factual basis for correcting current problems and for nipping future problems in the bud.

 

Download the free Whitepaper from CapaSystems and read more...

Thank you for signing up. You will receive a link to our free Whitepaper in your inbox.

Download free whitepaper regarding BYOD

 

"Bring Your Own Device?"

 

Mix of personal and business applications on same IT devices makes IT departments worry.

But what about the security of your company in this universe of personal and business apps provided by a Bring Your Own Device (BYOD) culture?

 

 

 

Download the white paper from CapaSystems and read more...

Thank you for signing up. You will receive a link to our free Whitepaper in your inbox.

Download free whitepaper regardingShadow IT

 

"Cast new light on Shadow-IT"

 

It’s a challenge when employees and business units purchase technology and IT services without involving the IT department. You easily lose perspective of finances, agreements and where important information is located –and if you’re not able to name who’s responsible for support from day one, a service outage risks being interpreted as internal trouble, even though the IT department has nothing to do with it.

 

 

Download the Whitepaper from CapaSystems and read more...

Thank you for signing up. You will receive a link to our free Whitepaper in your inbox.

Download free whitepaper regarding security

 

"3 steps to secure the company against data sheft"

 

It is said that a chain is only as strong as its weakest link. Therefore, your weakest link in the IT systems will have to be properly secured. Here are our suggestions for three things that can secure your IT infrastructure.

 

 

Download the Whitepaper from CapaSystems and read more...

Thank you for signing up. You will receive a link to our free Whitepaper in your inbox.