Heimdal™ Privileged Access Management is one of the most advanced Privileged Access Management tools and the only tool to both escalate and de-escalate user-rights. You can use it to give users the ability to install software they need themselves for a period of time you select using the Administrator Session or the Run with Heimdal™ Privileged Access Management option for single file elevation. Rights granted can be revoked any time and actions are logged for a full audit trail. This is the feature that allows an end-user to request admin privileges over his machine by sending a request to the Heimdal Dashboard System Administrator who can deny or accept his request. The length of the session is limited and all his actions are logged into the Heimdal Dashboard.
This module enables the user to request an elevation and use it just as if it was accepted by an administrator through the Heimdal Dashboard.
Heimdal™ Privileged Access Management is enabled in the Settings section and the user needs to select Approval via the Dashboard from the same page as for Auto-mode.
Selecting the Require reason setting will display a popup where the user will have to input the reason for elevation.
The session length slider will define the number of minutes the elevation will last.
The Request admin rights item from the agent right-click menu will also launch the elevation process.
If a reason is required for the elevation, this popup will appear:
The reason should be longer than 2 characters.
If the user clicks Cancel, the elevation process will stop.
If the user clicks elevate the elevation process will continue.
For this option, if the user hits Enter, the request will be sent to the server, and a popup to inform him will appear:
After this step, a routine will start to check every 5 minutes to verify if a request was accepted from the dashboard.
After the request was made, an administrator can approve or deny it from the dashboard. In order to do this, we created a new page with 2 grids, for pending requested elevations and for those elevations that were used, denied or any errors occur.
The page can be accessed from the Home page, on the left side menu, in the bottom, at PRIVILEGES & APP CONTROL section, as in screenshot from below:
By default, the user will see the grid with elevations requested (PENDING APPROVALS), that need approval in order to be used. Still, he has the possibility to navigate to the History grid, by switching between those 2 tabs. For each grid, users can apply sort, search, or filter by date, or export all data to a CSV report.
In the Pending Approvals grid, users can sort or search data by Hostname, Username, or Reason Given.
From here, the clients can approve or deny any action by accessing the Active clients view, under THOR MANAGEMENT category, in left side of dashboard menu, where they need to open the menu for a hostname from those 3 dots near hostname and go to “View Pending Approvals”.
The result can be seen in the screenshot below:
The "Action column' was replaced by a new row, added in both grids for pending approvals, between grid header and grid content. The new row contains a checkbox to select or deselect all items from current page, and 2 buttons to approve or deny selected items. Those 2 buttons are enabled only if there is at least one elevation selected from the list. If the request was accepted, the status will be modified, resulting in an update for the grid:
Also, in Agent, a popup will appear to inform the user that his request was accepted and he can start using the elevation. If an accepted elevation is not consumed in the next 24 hours, it will expire and the user will have to request a new one. Also, once an elevation request was accepted, it can be canceled from the dashboard.
From this moment, we will perform 2 checks every 30 minutes, in order to see if the request was canceled from the dashboard or it has expired. If the elevation was accepted and consumed, these 2 checks will stop.
Also, the same checks are performed when service is started.
If the user will click on Start Now, a new popup will appear to present session length:
In this time span, we will log all processes executed.
In the end, like on the Autopilot mode, the user will be informed that his session has expired at the end of the time.
If the request was denied, a popup will appear, to inform the user about this fact
NOTE: BAT or CMD files cannot be executed during elevation!
1. Replacing elevated processes information from the history grid
The purpose is to replace data about processes executed during an elevation on History grid, for elevations consumed. In this way, all processes from “Program executed” column were replaced by a total count, for each elevation, which represents the number of processes executed. Columns’ size was also modified. We reduced the width for “Program executed”, and increased it for username and reason given.
New view will look like this:
2. Create process details view
For elevations that have at least 1 process executed, user can see more details about each of them in a separate view. In History elevations grid, each number from column “Program executed” (that is different from zero) is a hyperlink to a details page, where are shown a few details about selected elevation and a grid with all processes executed during elevation. All data is received from server paginated.
3. Right now, you have the possibility to select “Run with AdminPrivilege” in the right click context menu, while an elevation is in progress.
If you use Run with AdminPrivilege during elevation, the file will be elevated as part of the session (a new File elevation will NOT be created, and the elevated process will appear as part of the existing elevation).
MOST ESCALATED APPLICATION view
Here are presented some statistics for Admin Privilege requests. In this tab, will be presented a list with all distinct processes executed (processes are differentiated by their full path), the total count for all of them, the hostname that executed the most this process, and the username that used it the most from that hostname.
We can search through the entire list using the search box from the top of the grid. The operation can be performed through process name, hostname, or username.
In the tab view, data can be sorted from each column, in ascendant or descendant order. By default, data is received from server ordered descendants by the total count of each process.
Also, data is paginated.
Please see the screenshot below:
MOST ESCALATED HOSTNAME view
Here are presented some statistics for Admin Privilege requests. In this tab, we will be presented a list with all hostnames, the number of total Admin Privilege requests made from each one, the username that requested the most elevations for each hostname, and the process name that was executed the most number of times for the username described above. We can search through the entire list using the search box from the top of the grid. The operation can be performed through process name, hostname, or username.
In the tab view, data can be sorted from each column, in ascendant or descendant order. By default, data is received from the server ordered descendant by the total count of the number of elevations for each hostname.
Also, data is paginated.
Please see the screenshot below:
Filter devices on Privileged Access Management grid views.
Selecting one device from the device list would filter the entire grid (no need for accessing other values). PENDING APPROVALS - Only Windows/ MacOs HISTORY - Only Windows/ MacOs MOST ESCALATED APPLICATION - Only Windows/ MacOs MOST ESCALATING HOSTNAME - Only Windows/ MacOs
Here is the Heimdal™ Privileged Access Management product overview: