Privileged Access Management (PAM) software designed for MSPs and IT Pros
AutoElevate™ is a PAM solution that cost effectively allows you to remove local admin rights and secure your clients with least privilege without frustrating your end users.
Endpoint Privilege Management in one touch...
- Secure servers & workstations by removing local Admin rights without frustrating end users
- Improve your service while increasing technician performance
- Reduce an attacker's ability to exploit a majority of known vulnerabilities
Endpoint Privilege Management Is the Key to Network Security Because Security Is Only as Strong as the Weakest Link
By removing local Admin rights and employing endpoint privilege management you will immediately enhance all your cybersecurity efforts. Privileged Access Management (PAM) is one of the best ways to help stop malware and thwart attackers. Some estimates say that having users run with Standard privileges can help mitigate 94% or more of Microsoft vulnerabilities.
Can you afford to ignore privileged access management which could easily tighten your security?
Often we don’t remove local Admin rights because of the possibility of it leading to productivity issues that would frustrate users when privileges are needed most.
AutoElevate™ easily secures users across all of your environments within a few short minutes seamlessly without anyone losing productivity.
Privileged Access Management (PAM) Is Essential to Security
Malicious actors are seeking to compromise large numbers of computers. In many cases attacks occurred across multiple MSPs and Enterprise organizations, affecting ALL of their clients simultaneously. Forensic analysis of these attacks revealed that they were breached using relatively un-sophisticated methods which could have been avoided with basic endpoint privilege management best practices.
Privileged Access Management Solution That Works Hand-in-Hand With Your MSP’s PSA Solution
Automated time entries and ticket creation directly into ConnectWise Manage, Kaseya BMS, Autotask, SyncroMSP, & RepairShopr.
Privilege Access Management or “PAM” are solutions that help manage, secure, monitor and restrict privileged access in companies’ environments. Security starts when users are controlled on what they can access on their computer, which is why effective privilege access management is critical.
In most cases, privileged users reveal administrative data by mistake. This is why users with admin rights are viewed as the biggest internal threat risk.
Why Does Privilege Access Management Matter?
Privileged accounts are the “keys to the kingdom,” making them the top target of any attacker seeking to gain access and move anywhere within your clients’ network. It comes as no surprise that many major cyber-attacks involved the compromising of employee access as in the recent Twitter™ attack (source)
Attackers have a variety of methods to gain the initial foothold on a target machine and then escalate their privilege. Some methods are possible with users operating with Standard privileges after which privilege is escalated to Admin rights by exploiting vulnerabilities either known or unknown. Otherwise, attackers are looking for users already operating with Admin privileges to successfully carry out their attack.
In any case, If a bad guy can get access to 1 machine operating with local Admin rights, they most likely have everything they need to gain full access to the domain network. All privileged accounts are highly sensitive assets in any organization and securing admin rights should be taken seriously.
Does your PAM offering include the following?
- Enforces the principle of least privilege in a way that clients love?
- All events color-coded, checked against VirusTotal™ and summarized for technicians?
- An audit mode to instantly examine the security disposition of machines?
- Ability to download all data the agent collects to gather actionable insights?
With the AutoElevate Privilege Access Management (PAM) tool you can:
- Approve Applications and Actions in Real-Time ‘on-the go’
- Make whitelisted rules for line of business applications for computer, group or company
- Monitor, configure, and automate UAC settings so that applications run with the right amount of privilege
- Manage elevation of anything requiring an elevated Windows credential
Privilege Access Management- Some Fascinating Facts
- Regular employees (56%) and privileged IT users (55%) pose the biggest insider security risk to organizations, followed by contractors (42%)
- Cybersecurity professionals perceive that the top enablers for insider attacks are too many users with access privileges (source)
AutoElevate is the simplest Privileged Access Management tool for MSPs and IT Pros. With AutoElevate you can manage and secure admin rights, control applications on endpoints and empower your technician staff to monitor and analyze privilege requests at a touch of a button.
You’ll be able to make approvals for a specific line of business applications, installers, updates, or anything else requiring elevated privileges in just a few seconds and right when users need it the most. Don’t just take our word for it, read what your peers are saying about AutoElevate.
Privileged Access Management for All in a Few Clicks
Across all your clients you can easily find and fix machines that have the UAC turned off, UAC set too low, machines with numerous local Admins and/or that are currently operating with Admin privileges, and all UAC events & activity. Easily see where security adjustments are needed and then adjust UAC settings and privileges to secure endpoint machines in just a few clicks.
Automatically remove local admin privileges by converting local admin users to standard users in a matter of minutes WITHOUT frustrating users or having them lose productivity.
Control elevation of Application & MSI installs, usage of new or legacy applications requiring Admin privileges, protected system actions, Comm objects (CLSIDs), and MMC plugins on the entire family of Microsoft Windows workstation and server operating systems.
The Admin Portal allows you to quickly identify areas for improvement and take action. Log and Audit every UAC event and use of privilege, Turn Windows UAC on/off, change UAC levels, define applications that can run with elevated privileges, and convert users from Admin users to Standard users in just a few clicks.
ENDPOINT PRIVILEGE MANAGEMENT With Only 1 Touch FROM Your Engineering Staff:
Using your compatible PSA ticketing system AutoElevate automatically creates new tickets & time entries, or updates existing ones directly with all the important info of each interaction such as the logged in user, machine security disposition, status, application publisher certificate details, application risk, & outcome.
Technicians can define rules with a single tap or click, “on-the-fly” in real-time, during responses to client requests or in our Admin Portal using our robust rules engine with data driven from captured events. Rules can be based on a combination of various criteria and applied to a computer, group of computers, single company, or your entire MSP practice.
Define, edit, and implement elevation rules, approve or deny elevation requests in real-time, audit elevation events, harden client computers, and more -all from your favorite browser.
Technicians can create, open, close, or update tickets & time entries directly into your PSA ticketing solution from any machine using auto-populated data all without the cumbersome process of logging in. Ticketing and time entry is also automatic with response to any privilege request so you can avoid letting billable hours get lost.
Respond to clients from our mobile app on the go with single touch Real-Time rule building, evaluation of requests, and approval or denials. You can also use elevated privileges on any client machine fast, easy, and securely by simply scanning a QR code from the mobile app to initiate a Technician mode session. No more having to type passwords all day long or lug a laptop with you everywhere you go so that you can be available to assist clients because now PAM can now be done effortlessly on the go from your iOS or Android devices.
“AutoElevate has proven to be the most cost-effective and straight-forward solution for bringing privilege escalation to our clients at NCG. This is the only tool in our stack that made another MSP partner say “Wow, what was that?!” when seen on a remote session.
I would recommend AutoElevate to any MSP feeling the pain of privilege management. We are thrilled to have them in our stack."
“I wanted to let you know that one of our clients was attacked last night. Fortunately for us, we had AutoElevate installed so we could see what account was compromised, and eliminate the issue almost immediately. Bravo to you guys!! Because of AutoElevate, we prevented hours of pain for all parties.”
“AutoElevate has been really easy to work with. Requests that would have taken technicians a long time now just takes minutes. We’ve been able to whitelist a lot of known applications, so our clients are happy and actually feel like they have more control than before. AutoElevate works! It’s nice to buy something and it works as advertised. It’s been a very nice value ad for us.”
“I didn’t ‘get it’ before but HOLY COW Ticketing in Technician Mode is awesome!”
“In today's world of darkweb and malware threats - every IT professional should be utilizing AutoElevate because they can lock everything down and not create a huge volume of work. Locking everything down (with no exceptions) has made a world of difference. However, prior to AutoElevate it also meant that no one could update anything which generated a lot of ticket volume for our practice. When we discovered AutoElevate it literally made this issue go away overnight. Now when our customers go for an update, the technician can create a rule, approve or deny the request right from their phone and we never have to hear from them. It has cut our ticket volume by 65%. Our clients love it because they are interested in speed and efficiency.”
"I have to be honest, since I moved to AutoElevate, I haven’t used an Admin password on a workstation. I trialed it for 2 days and then told the owner I’d buy it out of my pocket if he said no. Seriously, though, AutoElevate is just what Admin access should be. I have to say, for me it’s by far the most cost effective tool I have."
“With AutoElevate our clients get to do what they want to do quicker so they’re happy!... My Technicians say it does all the right things… Clients are not doing anything we don’t know about and if they try to do something, we’ll see it!... AutoElevate allows us to respond quickly, no log in and it’s automatic.”
This is an excellent product that is saving us time, creating efficiencies around operations and most of all securing our clients environments. Ever get the call from the business owner that "needs" local admin rights to install software whenever he wants? This provides a solution for that - a good one.
Auto Elevate is a great tool that instantly lowered calls for basic installs to our helpdesk. It allowed us to resolve some issues with certain client apps requiring local admin as well. The integration works great with our triage & helpdesk process. Todd & the team are also VERY responsive which is nice for something that has become part of our core stack.
“We have mortgage companies which utilize a Line of Business software that needs continual updates. This has been a nightmare for my team, getting calls to remote in and get credentials takes time and coordination. If the updates aren’t done and pop ups are ignored, their software can become out of sync with the rest of the company. With AutoElevate this problem has completely disappeared.
AutoElevate saves so much time compared to taking a call, opening a ticket, jumping on their machine and waiting with them because then they want you to wait on the phone with them for the install to complete. With AutoElevate you can pre- approve, hit yes, and go. In our industry the more time you can save the better and AutoElevate allows technicians to focus on other more important things.
From a security standpoint it is a great tool! It gives us notification immediately, if a UAC pops up previously it was hard to know what your clients where trying to do, that’s not the case anymore.
If you are an MSP looking to increase prices with some clients look to AutoElevate for more value, it offers increased end point security and they can be more productive with automatic updates”
NOW THERE IS A WAY TO MANAGE ADMIN PRIVILEGES THAT WON’T MAKE YOUR CLIENTS HATE YOU
No more building complicated policies, rolling a truck to stand over your client’s shoulder and enter admin credentials, or having to coordinate a good time to remote into their machines.
“AutoElevate is like remote control + auto-pilot for end user privileges rolled into one”
Privilege management for MSPs has to be easy, keep clients happy, provide instant ROI, and not just be one more complicated and expensive system to manage.
Now with AutoElevate’s patent-pending Real-Time Privilege Management system that goal can be a reality.
Finally, there is a way to keep your client environments secure, keep end users happy, reduce risk for your practice, and reduce workload on your technicians.
GET "HANDS ON" With a Free Trial
No Credit Card Required - Nothing To Re-Install Or Change If You Switch To a Purchased License
DO YOU HAVE ANY QUESTIONS?
Is AutoElevate hard to deploy?
No. We’ve made it super easy so that it can deployed across your MSP practice in minutes. We’re here to help you every step of the way. AutoElevate is deployed by installing the AEAgent onto workstations. The AEAgent is a small lightweight MSI file which can be deployed silently with just about any RMM tool, System Policies, or manually by your administrators. For your convenience we have published a full set of ConnectWise™ Automate, Kaseya VSA™, Datto RMM™, SyncroMSP™, or PowerShell scripts which can help you deploy the agents throughout your environment within minutes.
How much memory and disk space does the AutoElevate Agent require?
The AutoElevate Agent is very lightweight, consisting of 3 processes that run once a user is logged in. The processes collectively use approximately 40MB of memory and 820KB of disk space. We have not experienced the agent causing any slowness or resource issues and have tested it on machines running with as little as 2GB of memory.
What outbound ports need to be opened on the firewall at our MSP and/or at our client sites?
443 outbound is all that should be required. So if you’re able to go to secure websites you should be OK.
What happens if my technicians don’t respond to a client request before the timer is up?
When the end user has made a request and the timer expires, an additional dialog box will appear that states that the technician is evaluating the request, a ticket has been opened and that they will be notified as soon as a technician responds. When a technician does respond, a new notification appears for the user telling them their request has been approved or denied and allowing them to continue the installation or with additional ticket information.
Does AutoElevate enter in my admin password for end users?
No. AutoElevate does not store, use, or modify your Admin credentials. AutoElevate gives you the choice on any rule or elevation request to use either an ‘over-the-shoulder’ style Admin elevation or to elevate with the context of the currently logged in user. AutoElevate interacts with the UAC directly when an elevation of an approved process is required, allowing for compatibility and elevation of complex applications. Credentials are not stored in a database or transmitted over the network making security tighter, faster, and easier to manage.
How does AutoElevate work?
AutoElevate automates Windows UAC prompts for MSPs. Our software Agent service works in the background to apply proactive elevation rules to each UAC event or to notify a technician through one of our PSA ticketing integrations, Windows notifications, or via our AutoElevate Mobile App (or all 3). Technicians can quickly and easily evaluate the request and build rules to either accept or deny the requested installer, application, update, or system action which can be allowed just one time, for just this single computer, for a group of computers, a whole client, or for all of the computers under your management. For more detailed information on how the AutoElevate system works please sign-up and visit our support site.
Are approvals app based or version based?
Approvals can be done based on either MD5 hash or a combination of information from the verified publisher certificate, name, and path. By identifying the file in these various ways, approvals or denials can successfully take place regardless of where the file originates and for a wide range of scenarios and requirements. Core applications and/or updates for applications such as Quickbooks™, Zoom™, or UPS WorldShip™ (or countless others) can be approved. With PAM automation you now have options.
Will adjustments need to be made to our installed antivirus?
None. AutoElevate works well with other solutions in your solution stack.
Am I charged for extra technicians?
With the release of the Enhanced Technician Mode features in 2020 each agent tier includes a corresponding number of technician user licenses with some licensing tiers including unlimited technician users. Currently, to have additional user licenses requires moving into a higher tier which includes the desired number of User (technician) licenses.
Who receives the notifications from end users?
All technicians that have the Mobile Notification app installed will receive notifications from your clients. They can quiet the notifications by adjusting notifications on their phones.
MSPs that use PSA ticketing integration (Autotask PSA, ConnectWise Manage, Kaseya BMS, & Syncro) can view notifications and approve or deny elevation requests directly in their PSA tickets. Tickets generated by AutoElevate have custom statuses which can be used to build customized notifications from within the ticketing systems. Requests can also be viewed and responded to from within the Admin Portal.
By enabling browser notifications technicians have easy 1-click access to approve or deny requests and receive notifications on their macOS or Windows computer desktops directly.
Do I have to have my own on-premise server?
No. AutoElevate is a cloud based service and software platform. All you have to have to get started is a license key and instructions. We maintain the server, the mobile apps, security, updates, and web portals.