AUTO ELEVATE - FREQUENTLY ASKED QUESTIONS (FAQ)

What is User Account Control (UAC)?

User Account Control was introduced by Microsoft as a solution to the problem of giving all users administrative rights all the time. Users running with a ‘standard’ level of access can perform their day-to-day functions and can supply administrative account rights when required by specific processes. The separation means that if a standard user account is compromised or an attacker gets access to a system directly, they still should not have the access to make changes or install software. More detailed information on UAC can be found here.

When would a user see a UAC prompt?

Most actions that will cause a change to the way a system works will cause a UAC prompt. Most of these settings will have a yellow and blue shield icon to indicate that it will require elevation. See the date and time example below.

The frequency with which each user is required to click though a UAC prompt varies by role. The normal user gets them infrequently, as our software installations and system settings change rarely.

When would a user start to see AutoElevate intercept UAC prompts?

This will vary by use cases and departments. When AutoElevate is initially installed, it will run in audit mode. This mode reports UAC events back to the administrators without preventing the actions of the users. We will monitor the events and create rules ahead of locking down the systems and processes they already use daily.
Once we move to live mode, each user will see prompts and processes as described in the user guide doc HERE.

How does the administrator know what the user is trying to run?

When a request is generated, the administrator is presented with information about the machine, the user logged in, and the process that is being run. The administrator will use this information to allow or deny the software.

What does a user do when they receive a denial when they try to install a new program or change a setting?

There are two reasons they could be denied:
1. The software has been previously denied and has a rule that it is not allowed to run.
  - Denials by rules do not alert the AutoElevate administrators. If you believe you need the setting changed or a program installed, call Mister IT or submit a ticket through the service desk.
2. An administrator denied the process as a one-time event
  - Expect one of the AutoElevate administrators to contact the user directly. A denial means that the admin found the process suspicious enough to stop it. The admin will help users fix the problem, or get the appropriate software installed.