Kaseya Community

admin rights for running specific programs

  • Hi,

    i'm writing here because i have a question. Until now in the firm where i work, all the machine have local admin rights. But in a couple of weeks admin rights will be removed.

    I want to know if is possible - through Kaseya - to give admin-rights to standard user when him open specific programs whom needed admin-rights to be run. i want to be sure that my request is clear: whenever the standard user wants to run a program - that needed admin rights - is able to run it.

    I wish i have been clear, thanks for the support


  • Hi Mauro

    I suspect it will be more a case, of finding out what specific rights the program needs to run, and giving those rights to the user.



  • I don't believe there is anything secure you can do other than give them a local admin account that they would log on as when starting that program.....ie user clicks on program, windows security pops up asking for admin credentials, they log in using a different (admin) account.    Potential issues with this that I see off the top of my head are....

    1.) User trying to use that account for initial login bypassing the security you are trying to add

    2.) Issues with the program as it is now running under a different user profile

    Is there not a way to adjust security on the PC such that the program can run as a normal user?  This can be messy with some apps but with others it is as simple as giving one user write access to a specific folder buried somewhere under C:\Windows

  • We use a procedure that adds the user to the local admin group, then notifies them that they have 15 minutes to log off and back on. That procedure then schedules another procedure to run in 15 minutes to remove them from the local admin group. That procedure then tells them that they have 15 minutes to complete their admin task/install before they will be logged off. A third procedure is scheduled to run in 15 minutes which logs off the active user. This grants admin rights for at most 30 minutes - the timing can be adjusted as needed.

    The user must log off and back on to gain admin rights. They are then forcibly logged off after a specific time period to terminate their admin rights. When they log back in, they are no longer members of the admin group.