Granting standing admin access contributes to many cybersecurity risks for organizations. Research suggests that more than 90% of all vulnerabilities in the Windows operating system can be successfully mitigated by removing standing local admin rights.
Removing local admin rights straight away can grind productivity to a halt: many legacy applications require admin rights to run, developers might need the permissions to install new packages and test their latest piece of code, and helpdesk users might need admin rights to troubleshoot issues for users.
To address the need for the permissions carried by a local admin inside an organization while keeping the threats and vulnerabilities associated with a local admin account in check, Securden Endpoint Privilege Manager provides a time-limited, temporary admin access facility.
Instead of granting administrator access permanently, Securden Endpoint Privilege Manager provides a way for users to raise requests when they need admin rights. The user must provide the required start and end time of elevated access along with proper justification for raising the request.
If the request is approved, the users can use the elevated permissions and carry out the tasks they need to do. Once the permitted time for elevated access elapses, the permissions will be automatically revoked.
If users are raising tickets on your ticketing system and waiting for the helpdesk admins to handle them, organizational efficiency goes down as users don’t progress with the task while they wait.
With Endpoint Privilege Manager, your standard users have access to a self-service agent through which they can raise a time-limited, temporary local admin access request.
Users can create new admin accounts when they have temporary admin rights on their endpoints. Securden Endpoint Privilege Manager helps identify any new local admin account that is created during a temporary elevated session and remove the newly created admin account.
In Windows 11, you can grant temporary admin access by using LAPS or an Endpoint Privilege Manager. With LAPS, you must maintain a separate local admin account and manage its passwords using LAPS, and you will be sharing your admin account’s credentials with the user who needs temporary admin rights. In contrast, EPM works by temporarily adding the user to the local admin group and removing them once the task is complete.
While Legacy LAPS and Windows LAPS involve the risky practice of sharing admin account credentials, EPM solutions temporarily add the user account to the local admin group and move the user back to the standard user group once the timer runs out.
Endpoint Privilege Managers are more secure than LAPS for granting temporary admin access
You can add a user to the local admin group and remove them manually if you have the required permissions on the device or your Active Directory domain. However, it is very common to forget to remove the user from the local admin group. It is better to automatically demote the temporary admin from the local admin group.
You can make use of an Endpoint Privilege Manager to automatically revoke admin rights after the time limit expires. The user will be removed from the local admin group automatically and will go back to the group to which they originally belong.
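The group-membership mechanism described above, together with the check for admin accounts added during an elevated session, can be sketched with the built-in LocalAccounts cmdlets. This is an added example, not Securden's code: the function names and the state file path are hypothetical, and it removes unexpected members from the Administrators group rather than deleting the accounts.

```powershell
#Requires -RunAsAdministrator
# Added example: helper names and the state path are assumptions, not product code.
$AdminSid  = 'S-1-5-32-544'                               # well-known SID of BUILTIN\Administrators
$StatePath = "$env:ProgramData\TempAdmin\session.json"    # assumed location for session state

function Start-TempAdminSession {
    param([Parameter(Mandatory)][string]$User,
          [ValidateRange(1, 480)][int]$Minutes = 30)
    # Snapshot current members so anything added during the session can be spotted later.
    $baseline = @(Get-LocalGroupMember -SID $AdminSid | ForEach-Object { $_.SID.Value })
    $userSid  = ([System.Security.Principal.NTAccount]$User).Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
    if ($baseline -contains $userSid) { throw "$User is already a standing administrator." }
    $state = [pscustomobject]@{
        User     = $User
        UserSid  = $userSid
        Baseline = $baseline
        Expires  = (Get-Date).AddMinutes($Minutes).ToString('o')
    }
    New-Item -ItemType Directory -Path (Split-Path $StatePath) -Force | Out-Null
    $state | ConvertTo-Json | Set-Content -Path $StatePath   # persist before elevating
    Add-LocalGroupMember -SID $AdminSid -Member $userSid
    $state
}

function Stop-TempAdminSession {
    # Run at or after the Expires time, e.g. from a scheduled task running as SYSTEM,
    # so revocation does not depend on the user's session or on someone remembering.
    $state   = Get-Content -Path $StatePath -Raw | ConvertFrom-Json
    $current = @(Get-LocalGroupMember -SID $AdminSid)
    # Every member missing from the baseline was added during the elevated window.
    $added   = @($current | Where-Object { $state.Baseline -notcontains $_.SID.Value })
    foreach ($member in $added) {
        Remove-LocalGroupMember -SID $AdminSid -Member $member.SID.Value
    }
    Remove-Item -Path $StatePath
    # Return members other than the requester so they can be reviewed.
    $added | Where-Object { $_.SID.Value -ne $state.UserSid } |
        Select-Object Name, SID, PrincipalSource
}
```

Any rows returned by `Stop-TempAdminSession` are accounts that gained admin rights during the session and were not the requester; treat them as findings to investigate, since the underlying user accounts still exist after being removed from the group.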