The Privilege Elevation module allows standard users to securely install and run applications needing elevated rights without making the user an administrator. The Allow and Deny policy rules defined by the administrator determine how the privileges are applied to users. Privilege Elevation applies to Windows 10 and higher or Windows Server 2012 and higher machines only.
Use this module along with the Application Restrictions module to provide Application Rights Management (ARM) that enables administrators to securely grant specific users detailed application rights without making them a Windows Administrator.
If the Privilege Elevation rule type equals Application, ProfileUnity can securely elevate an application that requires administrative rights to run without making the user an administrator for their entire session.
Filter
Select the name of the filter you want assigned to this configuration element. Click the Show Filter Details button on the right to review any filter settings without leaving Configuration Management.
Description
Enter a description for this rule.
Type
Select whether to apply privilege elevation to an Installer or an Application.
Action
Select one of the following actions:
- Allow
- Deny
Match
Select the Match condition to test against. Choose from: Contains, Equals, Hash, Starts With, Ends With, or Signed.
Browse Server
If Installer is selected in the Type field, this additional field appears. Enter the name of your server and press Enter to search for valid path names you can click to use in the Value field rather than typing the full path name to the Installer.
Value
Enter the value to test against.
Example
This example will allow non-admin users to install applications signed by Liquidware.
- Filter: No Filter – Apply this to all
- Type: Application
- Action: Allow
- Match: Signed
- Value: Liquidware
