In order to have a good experience using the HEIMDAL™ Security services and the HEIMDAL™ Privileged Access Management module, we recommend you take a look at the following information:
Heimdal™ Privileged Access Management is one of the most advanced Privileged Access Management tools and the only tool to both escalate and de-escalate user rights. You can use it to let users install the software they need themselves, for a period of time you select, using the Administrator Session or the Run with Heimdal™ Privileged Access Management option for single file elevation. Rights granted can be revoked at any time and actions are logged for a full audit trail. This is the feature that allows an end-user to request admin privileges over his machine by sending a request to the Heimdal Dashboard System Administrator, who can deny or accept the request. The length of the session is limited and all the user's actions are logged into the Heimdal Dashboard.
Run with AdminPrivilege
If you activated the Run as Administrator feature, the following item will appear in the Windows right-click menu for .msi and .exe files:
When clicking on the item, if the “Require reason” setting is set in the group policy, the following popup will appear:
After clicking Elevate, depending on the setting in the group policy, either a request will be sent to the server and the following popup will appear:
Or the file will be run automatically and the following popup will appear:
This module enables the user to request an elevation and use it just as if it was accepted by an administrator through the Heimdal Dashboard.
Heimdal™ Privileged Access Management is enabled in the Settings section and the user needs to select Approval via Dashboard from the same page as for Auto-mode.
Selecting the Require reason setting will display a popup where the user will have to input the reason for elevation.
The session length slider will define the number of minutes the elevation will last.
The Request admin rights item from the agent right-click menu will also launch the elevation process.
If a reason is required for the elevation, this popup will appear:
The reason should be longer than 2 characters.
If the user clicks Cancel, the elevation process will stop.
If the user clicks Elevate, the elevation process will continue.
For this option, if the user hits Enter, the request will be sent to the server, and a popup to inform him will appear:
After this step, a routine will start that checks every 5 minutes whether the request was accepted from the dashboard.
After the request has been made, an administrator can approve or deny it from the dashboard. To do this, we created a new page with 2 grids: one for pending requested elevations and one for elevations that were used, denied, or ended in an error.
The page can be accessed from the Home page, on the left side menu, at the bottom, at the Privileges & App Control section, as in the below screenshot:
By default, the user will see the grid with elevations requested (PENDING APPROVALS), that need approval in order to be used. Still, he has the possibility to navigate to the History grid, by switching between those 2 tabs. For each grid, users can apply sort, search, or filter by date, or export all data to a CSV report.
In the Pending Approvals grid, you can sort or search data by Hostname, Username, or Reason Given.
From here, you can approve or deny any action by clicking the 3 dots near the hostname and going to View Pending Approvals.
After the request has been granted, in the Agent, a popup will appear to inform the user that his request was accepted and that he can start using the elevation. If an accepted elevation is not consumed in the next 24 hours, it will expire and the user will have to request a new one. Also, once an elevation request was accepted, it can be canceled from the dashboard.
From this moment, we will perform 2 checks every 30 minutes, to see whether the request was canceled from the dashboard or has expired. If the elevation was accepted and consumed, these 2 checks will stop.
The same checks are also performed when the service is started. If the user clicks Start Now, a new popup will appear showing the session length:
In this time span, we will log all processes executed. The user will be informed that his session has expired at the end of the time.
If the request was denied, a popup will appear, to inform the user:
- BAT or CMD files cannot be executed during elevation!
- If you use Run with Privileged Access Management during elevation, the file will be elevated as part of the session (a new File elevation will NOT be created, and the elevated process will appear as part of the existing elevation).
Most Escalated Process View:
This tab presents statistics for Privileged Access Management requests. It lists all distinct processes executed (processes are differentiated by their full path), the total count, the hostname that executed most of the processes, and the username that used it the most from that hostname.
You can search through the entire list using the search box at the top of the grid. You can search by process name, hostname, or username.
In the tab view, data can be sorted by each column, in ascending or descending order. By default, data is received from the server in descending order by the total count of each process. Data is also paginated.
Most Escalating-Hostname View
This tab presents statistics for Privileged Access Management requests. It lists all hostnames, usernames, the total number of Privileged Access Management requests made from each one, and the process name that was executed the greatest number of times.
You can search through the entire list using the search box at the top of the grid. You can search by process name, hostname, or username.
In the tab view, data can be sorted by each column, in ascending or descending order. By default, data is received from the server in descending order by the total number of elevations for each hostname. Data is also paginated.
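The two statistics views described above can be recomputed from exported elevation data for offline audit review. The following is an added example, not Heimdal's own code; the CSV column names (elevation_id, hostname, username, process_path), the sample rows, and grouping the second view by hostname are assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export. Column names are assumptions for this example,
# not the product's documented CSV schema.
SAMPLE_CSV = r"""elevation_id,hostname,username,process_path
101,WS-01,alice,C:\Program Files\7-Zip\7zFM.exe
101,WS-01,alice,C:\Windows\System32\msiexec.exe
102,WS-02,bob,C:\Windows\System32\msiexec.exe
103,WS-02,bob,C:\Windows\System32\msiexec.exe
103,WS-02,bob,C:\Tools\setup.exe
104,WS-02,carol,C:\Windows\System32\msiexec.exe
105,WS-01,alice,C:\Program Files\7-Zip\7zFM.exe
"""

def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def _top(counter):
    # Highest count wins; ties break alphabetically so output is stable.
    return min(counter.items(), key=lambda kv: (-kv[1], kv[0]))[0]

def most_escalated_processes(rows):
    """Per distinct full path: total runs, busiest host, top user on that host."""
    runs = defaultdict(list)
    for r in rows:
        runs[r["process_path"]].append((r["hostname"], r["username"]))
    view = []
    for path, pairs in runs.items():
        host = _top(Counter(h for h, _ in pairs))
        user = _top(Counter(u for h, u in pairs if h == host))
        view.append({"process": path, "total": len(pairs),
                     "hostname": host, "username": user})
    return sorted(view, key=lambda e: (-e["total"], e["process"]))

def most_escalating_hostnames(rows):
    """Per hostname: distinct elevation requests, top user, most-run process."""
    by_host = defaultdict(list)
    for r in rows:
        by_host[r["hostname"]].append(r)
    view = [{"hostname": host,
             "username": _top(Counter(r["username"] for r in rs)),
             "requests": len({r["elevation_id"] for r in rs}),
             "top_process": _top(Counter(r["process_path"] for r in rs))}
            for host, rs in by_host.items()]
    return sorted(view, key=lambda e: (-e["requests"], e["hostname"]))
```

Both functions return rows in the default descending order the views use, so the first entries are the processes and hosts to review first.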
Here is the Heimdal™ Privileged Access Management product overview: