Power and flexibility that helps you meet your privilege security compliance requirements quickly and easily
Streamline privilege credential protection, detection, and response
Cut through the complexity and monotonous task of meeting privilege security compliance requirements and best practice privilege configurations
AutoElevate allows you to easily manage privilege security compliance giving you the tools you need so that you can put together a Plan of Action, tighten up security, and meet compliance requirements. By default, the AutoElevate Agent software is installed, and set to “Audit” mode, which is designed not to change the user experience but will allow you to examine the security disposition of all the machines in your environment.
You then will be able to see if machines are mis-configured, setup incorrectly, not compliant, and running in a way that makes you vulnerable to a business ending security breach.
Minutes after installing AutoElevate you’ll know:
- How many machines have their UAC off
- If UAC is set too low for Administrators
- How UAC is set for end-users
- How many machines are actively being used with Admin privileges
- Which machines have an unusual number of Admins configured
- A log of every action your users are doing which require elevated privileges
Privilege security compliance with just a few clicks, AutoElevate allows for rapid conversion of clients to Standard user privileges and can ensure ongoing enforcement and compliance to your security policies individually and on a computer-by-computer basis, location, company, or globally for all your clients.
AutoElevate works locally on each computer by examining the Local or Domain user accounts that are explicitly part of the local administrator’s group. Users that shouldn’t have admin privileges are automatically moved from the local Administrators group back down to the local Standard users’ group. AutoElevate automates this entire process giving you maximum flexibility to manage privileges without interfering with existing Domain AD groups.
Every UAC event is collected, along with the system state the moment of the event, and is referenced with how over 70+ anti-virus/malware publishers categorize the UAC source. Our easy to use Admin Portal allows you to search, group, filter, and download all the data our Agent collects. You’ll be able to monitor and audit anything that produced a Windows UAC on any client machine regardless of whether or not they made a request for privileges. This effectively let’s you see everything that has been done that required Admin privileges but also anything your users thought about wanting to do with privileges. AutoElevate gives you insight and an “early warning” into risky user behavior or malicious activity making privilege security compliance easy.
Rules can be managed globally for all clients while others can specifically be applied to a company, location, or individual computer. With a few clicks you can duplicate rule-sets from any computer/location/client to any other computer/location/client, allowing you to onboard clients and enforce policies with ease. Elevation rules are applied to applications and actions, not the individual users, and are “weighted” allowing you to ‘dial-in’ privileges for your clients.
These are just a few parts of AutoElevate’s core functionality that help you easily manage privileges and meet your security compliance requirements in just minutes or hours instead of weeks or months. Don’t miss out on the key functionality that hundreds of MSP’s are already enjoying.
See What Your MSP Peers are Saying About AutoElevate
How much does it cost and where do I get it?
AutoElevate is sold exclusively through our Manage Service Provider partners. Use the following links if you would like a partner to contact you with additional details, demo, pricing, or a free trial.
Is AutoElevate hard to deploy?
No. We’ve made it super easy so that it can deployed across your MSP practice in minutes. We’re here to help you every step of the way. AutoElevate is deployed by installing the AEAgent onto workstations. The AEAgent is a small lightweight MSI file which can be deployed silently with just about any RMM tool, System Policies, or manually by your administrators. For your convenience we have published a full set of ConnectWise™ Automate, Kaseya VSA™, Datto RMM™, SyncroMSP™, or PowerShell scripts which can help you deploy the agents throughout your environment within minutes.
How much memory and disk space does the AutoElevate Agent require?
The AutoElevate Agent is very lightweight, consisting of 3 processes that run once a user is logged in. The processes collectively use approximately 40MB of memory and 820KB of disk space. We have not experienced the agent causing any slowness or resource issues and have tested it on machines running with as little as 2GB of memory.
What outbound ports need to be opened on the firewall at our MSP and/or at our client sites?
443 outbound is all that should be required. So if you’re able to go to secure websites you should be OK.
What happens if my technicians don’t respond to a client request before the timer is up?
When the end user has made a request and the timer expires, an additional dialog box will appear that states that the technician is evaluating the request, a ticket has been opened and that they will be notified as soon as a technician responds. When a technician does respond, a new notification appears for the user telling them their request has been approved or denied and allowing them to continue the installation or with additional ticket information.
Does AutoElevate enter in my admin password for end users?
No. AutoElevate does not store, use, or modify your Admin credentials. AutoElevate gives you the choice on any rule or elevation request to use either an ‘over-the-shoulder’ style Admin elevation or to elevate with the context of the currently logged in user. AutoElevate interacts with the UAC directly when an elevation of an approved process is required, allowing for compatibility and elevation of complex applications. Credentials are not stored in a database or transmitted over the network making security tighter, faster, and easier to manage.
How does AutoElevate work?
AutoElevate automates Windows UAC prompts for MSPs. Our software Agent service works in the background to apply proactive elevation rules to each UAC event or to notify a technician through one of our PSA ticketing integrations, Windows notifications, or via our AutoElevate Mobile App (or all 3). Technicians can quickly and easily evaluate the request and build rules to either accept or deny the requested installer, application, update, or system action which can be allowed just one time, for just this single computer, for a group of computers, a whole client, or for all of the computers under your management. For more detailed information on how the AutoElevate system works please sign-up and visit our support site.
Are approvals app based or version based?
Approvals can be done based on either MD5 hash or a combination of information from the verified publisher certificate, name, and path. By identifying the file in these various ways, approvals or denials can successfully take place regardless of where the file originates and for a wide range of scenarios and requirements. Core applications and/or updates for applications such as Quickbooks™, Zoom™, or UPS WorldShip™ (or countless others) can be approved. With PAM automation you now have options.
Will adjustments need to be made to our installed antivirus?
None. AutoElevate works well with other solutions in your solution stack.
Am I charged for extra technicians?
With the release of the Enhanced Technician Mode features in 2020 each agent tier includes a corresponding number of technician user licenses with some licensing tiers including unlimited technician users. Currently, to have additional user licenses requires moving into a higher tier which includes the desired number of User (technician) licenses.
Who receives the notifications from end users?
All technicians that have the Mobile Notification app installed will receive notifications from your clients. They can quiet the notifications by adjusting notifications on their phones.
MSPs that use PSA ticketing integration (Autotask PSA, ConnectWise Manage, Kaseya BMS, & Syncro) can view notifications and approve or deny elevation requests directly in their PSA tickets. Tickets generated by AutoElevate have custom statuses which can be used to build customized notifications from within the ticketing systems. Requests can also be viewed and responded to from within the Admin Portal.
By enabling browser notifications technicians have easy 1-click access to approve or deny requests and receive notifications on their macOS or Windows computer desktops directly.
Do I have to have my own on-premise server?
No. AutoElevate is a cloud based service and software platform. All you have to have to get started is a license key and instructions. We maintain the server, the mobile apps, security, updates, and web portals.