Technician Mode (please see Technician Mode - 2FA Authentication & Command Tray) and Technician Bypass Mode can be initiated from the Admin Portal or directly from each workstation. In either case Technician Mode is entered using the authority and permission of the AutoElevate technician who is authenticated either from the Admin Portal or AutoElevate Notify app.
Because of the additional functionality the Technician Mode Command Tray ALWAYS requires authentication.
Technician Bypass Mode is essentially controlled from the Admin Portal by setting the "Technician Mode Authentication" setting under the Agent section in the Admin Portal->Settings to either "Off" or "Auto". Technician Bypass Mode bypasses AutoElevate and allows a technician or other user to interact with the Windows UAC directly without having AutoElevate:
- automatically apply Approval or Deny rules
- produce notifications to the rest of your team
- require authentication using an AutoElevate account
When Technician Bypass Mode is active you will see the Technician Bypass Mode dialog displayed on the machine:
From this dialog you can enter authenticate Technician Mode, to gain access to it's enhanced features, by clicking the "Authenticate Technician Mode" button or can exit Technician Bypass mode to go back to the previous mode, (i.e. Back to Live Mode) by clicking the corresponding button.
The available options for "Technician Mode Authentication" in the Admin Portal are ON, OFF, or Auto (Setting this setting to OFF or Auto essentially enables Technician Bypass Mode) which are described below.
On a machine that has the AutoElevate Agent installed, Technician Mode (and/or Technician Bypass Mode depending on your settings) is initiated in one of 3 ways, either by:
- Pressing Ctrl+Alt+A
- Clicking the 'Technician Mode' link in the lower right-hand corner of a dialog box on the machine
- Running the "AETechnicianModeLauncher.exe" executable which is found in the C:\Program Files (x86)\AutoElevate\ directory.
To change the behavior and/or enable Technician Bypass Mode go to the “Settings” menu in the Admin Portal, click ‘Edit’, and select the desired setting in the ‘Technician Mode Authentication’ field.
2 settings to choose from (on/off):
- On– Authentication is required using the AutoElevate Notify app which gives the technician access to Technician Mode's enhanced features (please see Technician Mode - 2FA Authentication & Command Tray). “On” is the default setting.
- Off– When the technician mode link is clicked the workstation will immediately enter Technician Bypass Mode without any authentication, regardless of the privilege level of the user that is logged in. This allows the user to interact with the UAC directly but keep in mind that If the user is logged in as an administrator this would allow them to easily bypass the AutoElevate system and therefore should be used cautiously.
- Auto– is a legacy setting which no longer is applicable starting with Agent version 2.2.0 but remains for legacy compatibility purposes. In previous agent versions when Auto was selected the requirement for authentication was changed automatically based on the privilege level of the user that is currently logged into the computer.
If the user logged into Windows has Standard privileges, then entering technician mode will not require authentication with AutoElevate but will immediately enter Technician Bypass Mode.
If the user logged into Windows has Administrator privileges, then clicking the link to enter Technician Mode will require a valid authentication with AutoElevate.