Allowing a known user to elevate specific applications or tasks on demand

http://www.youtube.com/watch?v=-ZrL_rbqYlI

In the video we are logged on a workstation with the TestUser
TestUser is not member of the Local Administrators group
TestUser is member of the custom created local group Access Director

When requesting local administrators access using the tray icon, it will verify that we are a know user that is a member of the local group Access Director. If we are member of the local group we will be elevated for a predefined number of minutes (2 minutes in the example)

When elevated, we can click on any application and RunAs Administrator – we will as always be prompted for our logged on credentials, but this time the application is running with local administration privileges.

When the timer hits 2 minutes, our administration privileges are expired.

This will make it possible ONLY to elevated, when needed and not having to load the full profile with administrative privileges

The tray icon does not require additional rights to run
A local system service will handle all requests
All options are configurable through gpo and/or registry

Read more about latest additions at https://basic-bytes.com