Articles in this section

See more

Admin Login

Avatar
Daniel Rivera
  • Updated
Follow

AutoElevate's Admin Log In feature enables technicians to access a computer as an Admin user by scanning a QR code to authenticate, making it easy and secure to perform critical tasks. However, it's worth noting that when the Agent creates or takes control of an existing user, access will only be granted to the Agent. This feature is designed and supported for 64-bit Windows workstations, including versions 10, and 11.

Your agents must be on v2.5+ for this feature to be available.

NOTE: Admin Login does not currently work within a RDC (Remote Desktop Connection) or for a Windows 365 cloud computer. We are currently working on a fix for this issue.

Quick Start

  • From the Settings screen select Global> Agent Customizations & Behavior> Admin Login> Edit (Pencil icon) or create a new Level Setting (Whole Company, Location or Computer) using the "+" icon from the top of the grid.

  • Check the "Enabled" box, set custom User name then SAVE.

  • Then select Global> Agent Security> Admin Login Authorization> Edit (Pencil icon) or create a new Level Setting (Whole Company, Location or Computer) using the "+" icon from the top of the grid.

  • Select Role or Users you wish to allow access to this feature and SAVE.

Enabling - Additional Options & Info

  • From the Settings screen select either Global> Agent Security> Admin Login> Edit (Pencil icon) or create a new Level Setting (Whole Company, Location or Computer) using the "+" icon from the top of the grid.

    • Enabled: Check to enable.

    • Username: Set a user name. When adding a user, it's important to note that if the username already exists on the machine, its password will be overwritten. This can be helpful for existing admin accounts on the end-user's computer. However, it's crucial to exercise caution when using this feature to avoid overwriting the password of a user that the technician did not intend to modify. Always verify that the correct username has been entered before proceeding.

    • Delete User After Every Log Off: Check to enable. This option allows technicians to create temporary admin users that are automatically removed when they are no longer in use. Note: Persistent users will not be deleted during uninstallation or when the "Admin Login" setting is disabled.

    • Saveadminlogon-screenshot1.png

  • Next select either Global> Agent Security> Admin Login Authorization> Edit (Pencil icon) or create a new Level Setting (Whole Company, Location or Computer) using the "+" icon from the top of the grid.

    • Select Role or Users you wish to allow access to this feature.
    • Saveadminlogon-screenshot2.png

  • Finally, select either Global> Agent Customizations & Behavior> Logo (Square)> Edit (Pencil icon) or create a new Level Setting (Whole Company, Location or Computer) using the "+" icon from the top of the grid.

    • Upload image that will be used for the User icon at the Windows Lock Screen.

      • The image cannot be larger than 1MB.

      • Does not support “.webp” images.

      • Transparent images will not be transparent. The transparent space will be replaced with a white background.

    • Saveadminlogon-screenshot4.png

How it works

  • Enabling the "Admin Login" setting adds a "Credential Provider" to the system, which appears on the Windows Lock Screen. This provides the technician with access to an admin account, allowing them to sign in without the need for a password.

  • As no password is required to log in to the admin account, a QR code is displayed to authenticate the technician. This code expires after 10 minutes. If the technician's role or the technician themselves have been authorized in the "Admin Login Authorization" setting, they can use the AutoElevate Notify app to scan the QR code and grant access.

  • Upon logging in, the session is automatically entered into Technician mode.

  • The Credential Provider comes with a built-in self-recovery feature. If it detects any issues with itself, it will disable itself automatically to avoid any further problems. In such cases, the "AutoElevate Agent" service or the computer can be restarted to reset the Credential Provider and restore its functionality.

  • The Credential Provider is designed not to load in Safe Mode, providing an alternative method of recovery in case the credential provider fails. This ensures that the Credential Provider does not interfere with other system-level changes that may be necessary in Safe Mode. In the event of a failure, users can access the computer in Safe Mode and then disable or reset the Credential Provider to restore normal functionality.adminlogon-screenshot5.png

Auditing

  • To monitor if a computer has logged in using "Admin Log In", you can access the computer's "View" screen (indicated by an eye icon) from the Computer grid. This screen displays detailed information about the computer's activity and log in history.

  • In addition to the Computer grid, you can also view the "General Information" and "State Information" of a computer by expanding the dropdown menu. This provides a quick overview of the computer's status and any relevant information that may impact its security.

  • To track attempted "Admin Log In", you can access the "Admin Logins" section. This will display the date and time when the login attempt was made (Date Created), whether it was successful or not (Date Updated), and the name of the user who authenticated the log in (Authenticated By).adminlogon-screenshot3.png

Related articles

Comments

0 comments

Article is closed for comments.