Give us a call at 262.299.4606 to discuss how FastTrack can help your organization or email us here

We would be happy to show you a demo. Give us a call at 262-299-4606 or drop us an email here
FastTrack admin

Admin By Request

Admin By Request is product that is also developed by FastTrack Software.

This page gives you an overview of the product.

For more information, please go to the product web site at www.adminbyrequest.com.

SOLVE YOUR LOCAL ADMIN PROBLEM TODAY !

Department of Commerce Red Cross Kpmg Booking Aspen Dental Hamilton Beach Toyota Disney Kawasaki Goodyear NOAA
          


The Admin By Request value proposition

You are probably reading this, because you know you have a problem. Either your company allows users to be local administrators or you have to do countless remote installs. We can solve this for you with little effort.

We have many customers with tens of thousands of users, who have tried to implement whitelisting solutions, but came to us after spending lots of money on projects that could never succeed, because at the end of the day, you cannot know what your users will need tomorrow. Instead of speculating on this by creating whitelists and software packages, Admin By Request works totally different. When your user has an administrator need, all they have to do is request permission via the Admin By Request client software.

You have the flexibility to set Admin By Request to approve automatically or require IT staff to verify the request. Once a user is approved, they get a time-limited, real-time, local admin elevation to install the requested software. Once finished, you have a full audit trail of the user’s activity and an overview of all activities across the board.

Users are never blocked from doing their job and you can use your IT resources on other activities, knowing you have a full audit trail. It's win/win for you and your users. Contact us today for a live demo. Let us show you how to regain control of your local admin accounts.

Interested? Go to www.adminbyrequest.com or read on for more details.


Admin By Request in details

Admin By Request consists of a portal account and a client MSI file. The client MSI itself is only 2 megabytes. With your portal login, you configure settings, view reports and download your MSI file. You can hit "Download" link at the top to get a free fully functional trial login right away.

The hidden risk of security solutions

Replacing Windows system files or components can lead to future problems because of OS updates, which could break your OS installs - even to the extend that your computers can no longer boot. A significant advantage to Admin By Request client software is that it does not change or replace any Windows system files or components. It uses only what is already built into Windows. It also does not consume any resources, unless it is invoked.

Requesting access

The user will see a green icon in the system tray. You can also have Admin By Request put a shortcut on the user's desktop. When the user needs to do something that requires administrator rights, the user has to click the icon to request a time-limited on-the-fly administrator session.

Request Admin rights

When the user makes the request for administrator rights (hence the name Admin By Request), two things can happen. When you are signed in to this portal, you decide in your settings, whether you allow administrator access without pre-approval or not. You can granulate who gets auto-approved based on domain user/computer group or OU. If you are using Azure AD only, you can filter by Azure groups. If you allow access without approval, the user becomes time-limited administrator right away. If you do not, someone must approve in the portal and an email flow starts. In either case, the user will see the window below and must enter reason for this need. You can disable the screen for auto-approved users.

Request Admin right window

User interfaces and email communications are automatically localized to Spanish, French, German, Danish, Norwegian and Swedish, if the user is using one of these languages as the Windows language. More languages will added in the future.

Approving access

If the user is not auto-approved, one or more persons will receive a notification email that a user has requested administrative access. When you click the link in the email on your phone or computer (or select "Requests" when signed in), you will see a list of pending requests, including contact information and computer data. You then simply click Approve or Deny for each request. When you press either button, the user will receive an email with instructions. The emails can be customized with company specific information, such as a Help Desk phone number. If you have GDPR concerns, you can disable collection of user name, email address and phone number. Refer to our SLA & Compliance page for more information.

Approving access

Administrative session

If the user is auto-approved or the request has been accepted by you, the user can start the session. This happens on-the-fly without having to log off and on and you can configure, how much time the user is administrator.

Request Admin rights approved

When the timer starts, the user can run applications elevated. Account Control (UAC) is still in effect, if enabled. If the user needs to run an application elevated, the user still has to select "Run as administrator" and enter their own credentials. If the user starts an installation, Windows Installer or similar installer will automatically ask for elevation and trigger the prompted for user's credentials to continue.

Run TeamViewer setup as administrator

Once the user either stops the timer or the time runs out, the information will be uploaded to this portal. You can see who and when and also which software was installed and which applications were run elevated during the administrator session.

Preventing abuse

So what prevents the user from abusing the system? The fact that the user has to request IT for access will in itself prevent the most obvious abuse. But as part of your settings, you can also configure a Codes of Conduct page. Here you customize verbage that suits your policy. For example, what is the penalty for using the administrator session for personal objectives. You can also choose explain, what you can monitor from the portal. When you enable the instructions screen in the settings, this screen will appear right before the administrative session starts. You can also customize company name and logo for all screens, so there is no doubt this message is indeed from the user's own company. This is the configuration part of the portal, where you set authorization, company logo, policies, email communications, etc.

Codes of conduct

Tampering protection

The administrators group will be snapshotted before the session starts and restored after session end. If the user tries to add other users or groups to the administrators group, these will simply be removed at the end of the session. If the user tried to uninstall Admin By Request during a session, Windows Installer will show an error message saying that Admin By Request cannot be uninstalled during an active session.

Backdoor accounts

If the user has a local admin account that no one knows about, this is not a problem. Because when a user logs on, rights are simply revoked. The reason all accounts are not revoked in general, is because you may have service accounts that you want to continue to have administrative rights. Refer to our FAQ page for more information.

Offline computers

Admin By Request works the same whether the computer is online or offline. Portal settings are cached on the client and all data going the other way is queued, so the user experience will be no different at all, whether the computer has internet or not.

PIN code

Computers work the same online or offline - except of course, if you require approval and the computer is offline. Then no one will know the user has a pending request until the computer has an internet connection, at which time it will flush its upload queue. This would rarely be a real-world problem, but there are examples, where a computer is offline for a long period of time with no option to get online. A good example is our customer Red Cross, which has workers going offline for weeks to a village in Africa. This is not a problem in itself, because the computer will just collect data and flush the queue later - but if approval is required, the user is stuck.

This is where the PIN code comes in. If you look at the screen further up, you can see a link that says "I have a PIN code". This link only appears, if you have approval mode on - and there is no internet. Then the user can call your Help Desk over the phone and get a temporary PIN code that you can generate in the portal. When the user clicks "I have a PIN code", the screen below appears and the user can start the administrator session without internet.

Request Admin rights PIN code

Legacy applications / Whitelisting

Some legacy applications require local administrator rights, simply because they were written back in the day, when everything was open and using the same folder for application files and data was the norm. You can make a white-list of applications in the portal which will automatically elevate. You can also create blacklists of programs you never want the user to run, such as cmd.exe or regedit.exe.

Learning mode

Maybe your company took over another company, so you have no idea, which applications users run as administrator simply because they are legacy applications that do not run without admin rights. For this, we have a feature called Learning Mode that you can configure in the portal. It's kind of a pre-production mode, where you install the Admin By Request client, but it doesn't do anything but sitt there and "listen" to which applications users start as administrator. Then after a period of time, you can go through the collected list in the portal and click a whitelist button on the relevant application. Once you are ready to go “live” you just disable Leaning Mode and Admin By Request starts revoking admin rights.

Request Admin rights PIN code

          



Questions?

Please review the videos below and check our FAQ page. If this does not answer your question, please feel free to contact us using the top menu. If you need to purchase a license, please contact us or use the Quote option at the top.


Product overview video

This video goes through the benefits of Admin By Request. The bottom video will go through the grant flow in greater details.


Portal overview video

This video goes through the portal that will be accessible to you during your trial or as licensed customer.


          
Outlook Signature Generation

Outlook Signatures

Build mass-deployable Outlook signatures using a Word-like designer. More
Graphical Logon Scripts

Codeless Logon Scripts

Build graphical logon scripts with your own logo by pure point and click. More
IP Printing

Kill your print servers

Print to IP printers directly. More
Software Deploy

Software Deploy and Inventory

Push software without a management server and inventory to the cloud. More
Zero Touch Thin PC

Tired of Desktop Authority?

Same features - less complexity. More

Want to terminate local admin rights?

Try our sister product Admin By Request
Laptop Backups

Lockdown Local Admins

Revoke local admins rights and have users request ad-hoc access under full audit. More


Rating: 5 out of 5

"Use this as a replacement for VBScript and PowerShell"

"It's easy to include attractive GUI elements in FastTrack scripts, beyond the basic dialog boxes and text input that VBScript offers ... Another powerful feature is the ability to distribute scripts as Windows Installer (.msi) or standard .exe files. Although interesting in its own right, this ability results in a much more intriguing capability: to repackage -- or wrap -- software installers as .msi files without using snapshots. If you've ever created an .msi installer file from before-and-after system snapshots, for use with a software distribution system such as Group Policy or System Center Configuration Manager (SCCM), then you know how hit-and-miss the results can be."

Read full review


Rating: 8 out of 10

"Faster than the rest"

"We found the FastTrack syntax to be more transparent and easier to learn than Microsoft's PowerShell – the editor in particular provided good support in this regard. the Script Editor offers a large number of options from the command set through to simple output of graphical elements, which cannot be achieved at all with PowerShell or other solutions or only with a significantly greater level of effort."

"Anyone wanting to tackle the many hurdles in everyday admin and especially anyone for whom logon scripts and client automation is a priority will benefit from the variety of functions offered by FastTrack."

Review in English      Review in German
Department of Commerce Red Cross Kpmg Booking Aspen Dental Hamilton Beach Toyota Disney Kawasaki Goodyear NOAA

Kill your local admin accounts! Let users request access by request under full audit. Check this page for more info.