Articles in this section

System Overview – System Agent

Avatar
Owen Parry
  • Updated
Follow

What the Agent Does

The AutoElevate software that is installed on each computer monitors, reports on, and responds to UAC privilege events is collectively referred to as the “AutoElevate System Agent”. 

 

The AutoElevate Agent operates in either “Audit", "Policy", “Live”, or "Technician" mode. Upon installation Agents are placed in Audit mode by default however for basic testing purposes the Agent should be changed into Live mode.

 

How to Change Agent Modes

In the Admin Portal (https://msp.autoelevate.com ) from the "Computers" screen select the check box next to the computer(s) that you would like to change, and then from the ‘Actions’ menu select “Set to Live” under ‘Agent Mode’.

 

Once the Agent checks in and picks up the setting (check-in happens every 5 minutes) you are ready to test. Refresh the data using the "Refresh Data" button in the top right hand corner to refresh your view, and then look at the 'Agent Mode' column to see if the Agents have picked up the new Agent mode setting.

 

Agent Modes Defined

  • “Audit” - All UAC events are logged but the Agent does not respond to or apply defined rules and therefore no there is no change to the user experience. 
  • "Policy" - Policy mode will apply and process any defined rules but for any event that has no corresponding rule will NOT invoke the Real-Time evaluation process but instead will allow the UAC to appear to the user. Policy mode will allow an MSP to make and apply rules for key applications that have an immediate use case benefit but will not prompt the user or technician for evaluation of anything unknown.
  • “Live” - All UAC events are intercepted and rules that that have been defined are applied (to either elevate with privilege or block) but for any event that has no corresponding rule the end user will be given the choice to proceed with a privilege request. The privilege request causes any technician with company access to be notified and opens a ticket (if the MSP has an integrated PSA ticketing system). The technician is presented with information on who is making the request, what they are requesting, the basic security disposition of the machine, and information on whether the application or action they are wanting is safe, along with the ability to respond to the user's request in real time.  
  • "Technician" - Special mode enabling onsite Technicians to interact with the computer's UAC prompts. Please see "Technician Mode" documentation on our support site. 

 

More About The AutoElevate Agent Components

The components which make up the System Agent are the “AutoElevate Agent” service which is set to start automatically at Windows startup and then spawns the AEAlert and AEUACAgent applications once a user is logged in.  When the AutoElevate Agent service is stopped, the computer resumes normal UAC functionality and UAC events are no longer tracked.  

Please see "System Agent Installation" in our support documentation for more detailed instructions on Agent deployment options.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.