-
Notifications
You must be signed in to change notification settings - Fork 10
Temporary Administrators
The temporary administrator features of C3-Inventory allow the provisioning and automatic removal of administrative rights for end-users using actions or offers. The feature requires the following to be successful:
- Activation of Temporary Administrators Analysis
- Add Users to Administrators Group Temporarily
- Offer Temporary Administrative Rights
- Automatically remove expired administrative privileges
The Analysis: Temporary Administrators - Windows should be activated to provide information on the current and previous temporary administrators on a machine.
This will provide two properties:
- Current administrators granted temporary rights
- Users previously granted temporary rights (and now expired)
The Fixlet: Invoke - Add Current User to Administrators Temporarily - Windows can be used to grant a user temporary administrative privileges.
This Fixlet has a number of actions available that determine the expiration date and time of the users administrative rights anywhere from 1 hour to 5 days.
By using the Fixlet: Invoke - Add Current User to Administrators Temporarily - Windows as an offer, you can temporarily grant users administrative rights in a self-service model.
Use Fixlet: Invoke - Remove Expired Users from Temporary Administrators- Windows as a policy action to always remove expired users from the administrators group.
This should be actioned to run an unlimited number of times with no delay.