Learn
Documentation
Support
Community

Usage guide: Manage local admin permissions

This page outlines various ways to use the pack, including use case examples.

Administrators can refer to the Configuration guide: Manage local admin permissions to set up and customize the installed content.

The Manage local admin permission library pack enables IT teams to:

  • Automate the approval and revocation of local admin rights.

  • Reduce the risk of security breaches by ensuring admin access is strictly temporary.

  • Improve IT operational efficiency by minimizing manual intervention.

  • Strengthen compliance with IT policies through automated logging and auditing.

  • Provide employees with a seamless and timely process for requesting admin privileges.

Library pack uses

Jump to Use cases on this page to see relevant scenario applications.

Use the library pack content for the following purposes.

Visibility

This library pack focuses on the Manage local admin permission workflow. It streamlines the process of granting and revoking temporary local administrator privileges. All actions are logged in the IT service management (ITSM) ticketing system, ensuring a complete audit trail for compliance and security purposes.

Workflow triggering

This workflow is designed to be initiated on a specific device during a support call with an employee or in response to a request for temporary local admin privileges. It can be triggered from device view (as shown below) or Amplify. The workflow utilizes the Incident number parameter to track progress.

Predefined workflow structure and steps

The Manage local admin permission workflow follows a defined sequence to assign local admin rights and automatically revoke them after a specified duration.

  1. ITSM ticket verification. The workflow checks whether a ticket number is provided. If a ticket number exists, the workflow retrieves the corresponding sys_id from ServiceNow.”

  1. Approval request. The workflow identifies the requester’s manager and sends a Microsoft Teams message seeking approval. The message includes the employee’s name and a prompt for approval.

  1. Admin rights provisioning. If the manager approves the request, the workflow triggers a remote action to add the requester to the local admin group on the device. The requester is notified via Microsoft Teams, and the ITSM ticket is updated with approval details.

  1. Admin rights revocation. After a predefined period, the workflow automatically invokes the remote action to remove the user from the local admin group. A final notification is sent to the requester confirming the revocation of admin rights, and the ITSM ticket is updated and closed to reflect the completion of the process.

RELATED TOPICS

Last updated

Was this helpful?