Thor AdminPrivilege

Thor AdminPrivilege is one of the most advanced Privileged Access Management tools and the only tool to both escalate and de-escalate user rights. You can use it to let users install the software they need themselves, for a period of time you select, using either the Administrator Session or the Run with AdminPrivilege option for single-file elevation. Granted rights can be revoked at any time, and actions are logged for a full audit trail. With this feature, an end user requests admin privileges over their machine by sending a request to the Heimdal Dashboard system administrator, who can accept or deny it. The length of the session is limited and all of the user's actions are logged in the Heimdal Dashboard.

This module enables the user to request an elevation and use it just as if it was accepted by an administrator through the Heimdal Dashboard.

Thor AdminPrivilege is enabled in the Settings section and the user needs to select Approval via the Dashboard from the same page as for Auto-mode.

Screenshot_3.png

Selecting the Require reason setting will display a popup where the user will have to input the reason for elevation.

The session length slider will define the number of minutes the elevation will last.

The Request admin rights item from the agent right-click menu will also launch the elevation process.

1.png

If a reason is required for the elevation, this popup will appear:

2.png

The reason should be longer than 2 characters.

If the user clicks Cancel, the elevation process will stop.

If the user clicks Elevate, the elevation process will continue.

For this option, if the user clicks on the Elevate button, the request will be sent to the server, and a popup to inform him will appear:

3.png

After this step, a routine will start to check every 5 minutes to verify if a request was accepted from the dashboard.

After the request is made, an administrator can approve or deny it from the dashboard. To support this, we created a new page with 2 grids: one for pending elevation requests and one for elevations that were used, were denied, or ended in an error.

The page can be accessed from the Home page, at the bottom of the left-side menu, in the THOR ADMIN PRIVILEGE section, as shown in the screenshot below (marked with a red circle):

4.png

By default, the user will see the grid with elevations requested (PENDING APPROVALS), that need approval in order to be used. Still, he has the possibility to navigate to the History grid, by switching between those 2 tabs. For each grid, users can apply sort, search, or filter by date, or export all data to a CSV report.

In the Pending Approvals grid, users can sort or search data by Hostname, Username, or Reason Given.

From here, any request can be accepted or denied by performing a single click on any button from the Action column.

5.png

If the request was accepted, the status will be modified, resulting in an update for the grid.

6.png

Also, in Agent, a popup will appear to inform the user that his request was accepted and he can start using the elevation. If an accepted elevation is not consumed in the next 24 hours, it will expire and the user will have to request a new one. Also, once an elevation request was accepted, it can be canceled from the dashboard.

7.png

From this moment, we will perform 2 checks every 30 minutes, in order to see if the request was canceled from the dashboard or it has expired. If the elevation was accepted and consumed, these 2 checks will stop.

The same checks are also performed when the service is started.

If the user clicks Start Now, a new popup will appear showing the session length:

8.png

In this time span, we will log all processes executed.

When the session length runs out, as in Autopilot mode, the user will be informed that the session has expired.

9.png

If the request was denied, a popup will appear to inform the user:

10.png

NOTE: BAT or CMD files cannot be executed during elevation!

MOST ESCALATED APPLICATION view 

This tab presents statistics for Admin Privilege requests: a list of all distinct processes executed (processes are differentiated by their full path), the total count for each of them, the hostname that executed the process the most, and the username that used it the most from that hostname.

We can search through the entire list using the search box from the top of the grid. The operation can be performed through process name, hostname, or username.

In the tab view, data can be sorted by any column, in ascending or descending order. By default, data is received from the server in descending order of the total count of each process.

Also, data is paginated.

Please see the screenshot below:

 123.png

MOST ESCALATED HOSTNAME view

This tab presents statistics for Admin Privilege requests: a list of all hostnames, the total number of Admin Privilege requests made from each one, the username that requested the most elevations for each hostname, and the process name that was executed the most times by that username. We can search through the entire list using the search box from the top of the grid. The operation can be performed through process name, hostname, or username.

In the tab view, data can be sorted by any column, in ascending or descending order. By default, data is received from the server in descending order of the total number of elevations for each hostname.

Also, data is paginated.

Please see the screenshot below:

3456.png
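
As an added example (not Heimdal's code), the aggregation behind the MOST ESCALATED APPLICATION and MOST ESCALATED HOSTNAME views can be reproduced offline over exported elevation data for an independent review of the audit trail. The column names `elevation_id`, `hostname`, `username` and `process_path` and the sample rows are assumptions constructed for illustration; the page does not document the export schema.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample data; column names are assumed, not the product's schema.
SAMPLE_CSV = r"""elevation_id,hostname,username,process_path
101,WS-01,alice,C:\Tools\setup.exe
101,WS-01,alice,C:\Windows\System32\msiexec.exe
102,WS-01,bob,C:\Windows\System32\msiexec.exe
105,WS-01,bob,C:\Windows\System32\msiexec.exe
103,WS-02,carol,C:\Tools\setup.exe
104,WS-02,carol,C:\Tools\setup.exe
104,WS-02,carol,C:\Apps\setup.exe
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def top(counter):
    # Highest count wins; ties break alphabetically so results are deterministic.
    return min(counter, key=lambda k: (-counter[k], k))

def group(rows, column):
    groups = defaultdict(list)
    for row in rows:
        groups[row[column]].append(row)
    return groups

def most_escalated_applications(rows):
    out = []
    # Processes are keyed by full path, so two setup.exe files stay distinct.
    for path, hits in group(rows, "process_path").items():
        host = top(Counter(h["hostname"] for h in hits))
        user = top(Counter(h["username"] for h in hits if h["hostname"] == host))
        out.append((path, len(hits), host, user))
    return sorted(out, key=lambda t: (-t[1], t[0]))  # descending by total count

def most_escalated_hostnames(rows):
    out = []
    for host, hits in group(rows, "hostname").items():
        # One elevation can log many processes, so count distinct request ids.
        per_user = defaultdict(set)
        for h in hits:
            per_user[h["username"]].add(h["elevation_id"])
        user = top(Counter({u: len(ids) for u, ids in per_user.items()}))
        proc = top(Counter(h["process_path"] for h in hits if h["username"] == user))
        total = len({h["elevation_id"] for h in hits})
        out.append((host, total, user, proc))
    return sorted(out, key=lambda t: (-t[1], t[0]))  # descending by elevations
```
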

Here is the Thor AdminPrivilege product overview:
