hello everyone!
wouldn't it be great if ARM would extend its feature set, so that end users can request (temporary) local admin rights on their endpoints?
we have some employees (let's call them devs) who sometimes need to be able to install software. permanently granting local admin rights to users is sub-optimal, and they don't always want to open a support ticket and wait until they get the permissions needed, which is somewhat understandable as well
now, there would be a SaaS solution like "admin by request", but if you already have a product like ARM in use, it would be great if the existing system with its workflows could be extended by this feature
so the idea would be that users (who ideally can be limited by specific groups) can request this like other resources via the web interface
a customizable workflow where the user explains why he needs the permission, with a disclaimer that this will be documented etc., will start, going through the defined approvers (who can add comments and/or change duration) and, once finished, grants the user local admin rights on the endpoint the request originated from (or selectable)
once a given default time is over, the permissions are automatically revoked again
the whole transaction will be documented in the system, and can be reviewed in reports (maybe even autogenerated reports for the user's manager and IT) for audit purposes
this would require the possibility for the ARM service account to change group membership on the endpoints of course, which should not be an issue within a domain/forest
it would also extend the feature of "local accounts" scans from servers to "all" (selectable OU) endpoints within a domain/forest of course
i would love to see this feature (the sooner the better) as part of the product, since this allows relying on available on-premise resources, rather than a SaaS provider with an installed agent on endpoints
also, parts of the required functions are already there (workflows, 'server-scans' for local admins)
please, dear fellow ARM customers, upvote this feature request, or add comments anytime