Transcript
Glenn here with ScreenConnect, and today I want to talk to you about our Privileged Access Management tool. This is how we handle UAC elevations and pretty much allowing you to automate the entire process as well as, from a security standpoint, setting users up with an ephemeral local admin for just operating by the principle of least privilege access and really locking down your security environment. So I will dive right in here, and the first thing I will cover is the UAC elevations.

So let me just hop in a session here. Okay, so what this looks like from the end user's perspective is, I'll just use Notepad because it's right on my desktop, but they would right-click, run as administrator, and as you can see here, we inject ourselves into this dialog. You can also input a reason right here. So let's just say they would like to update this program, and they would click this little blue arrow, and as you can see, you get a notification to the session as well as this privileged access shield right here. So once you click into this thread, you will get more information about the prompt. So program name, publisher, certificate thumbprint, and you can take action on it from here. So if you know what it is, you can approve it, deny it, whatever you want to do. You also have the ability to do that from within the session, just another callout.

If you need more information about the request, you can first click on this node, which is a VirusTotal integration, and this will run it against, I believe it's about 80 antivirus, to see if there's any known threats. So in this case, Notepad looks like it's good to go. Then what I would do is come to this middle node, this is the awesome part. So you can click on this middle node, and then create a rule. So this is basically saying, if these conditions are met, then take this action. So for this case, we can auto-approve it. I will create that rule, I will approve this one, and then the next time this is encountered, run as admin, update, and then boom, no action is needing to be taken on that. Rules are stored under admin, automations. So if you're looking for those, that's where they are stored. And as you can see, this is the one I just created today, which we don't need. So just for cleanup, I'm going to delete that one.

Okay, the second part of privileged access management is the creation of a temporary local admin. And this looks very similar. We inject ourselves here on the lock screen. So you send your control, delete, and you will have an additional option at the bottom that is ScreenConnect passwordless administrative logon. So very similar workflow, you could just send this request, now this is your technician performing this function. And you can see it's waiting for an approval. So you would just navigate back to that specific machine, there's your notification, and approve or deny. Again, for this, I will just deny it. But it is great because what's happening here is it's creating a temporary, long tail password. It's like 256-character, AES-encrypted, so very secure. When that technician is done with that session, then you can basically remove those credentials. So just really, really locking down your environment tight.

Okay, last thing I want to cover here is the dashboard. So you'll navigate to admin and then privileged access. I love, I'm a data guy, so I love these graphs here. So this is going to just give you some information about the end user access, how many of these elevation prompts were encountered, how many of these admin logons were encountered, how many endpoints do you have PAM assigned to, and then even rules versus manual approvals and top elevation responses by application. So for another example, let's say you see 100 requests for Adobe Creative Cloud, and they're mostly manual approvals, then it's like, okay, well, maybe it's time to set up a rule for that, save my team a bunch of time.

If you click on settings up here, this is where you would actually make these things visible. So for UAC elevation, you click edit, you can make it visible in all session groups, or if you select a percentage of PAM, you can have it in a specific session group or with host connected. So making the reason field visible, all of this is configurable as well as the administrative logon. So visible on lock screen, that's where you would make this visible with host connected, session group, et cetera.

So there you have it. That's our ScreenConnect privileged access management tool in a nutshell. I hope this video was helpful. Be sure to click the like button and shoot me a follow on my YouTube channel for more great ScreenConnect tips and tricks. Cheers.