EPM Policy Deployment
Introduction
Once the Privileged Application List is created, the next step is to deploy the Endpoint Privilege Management policy to the appropriate user devices. This involves associating the list with relevant custom groups and enabling privilege elevation based on organizational requirements. Deployment ensures that only authorized users gain elevated access to approved applications in a secure and controlled manner.
Configuring Privilege Management
The Privilege Management policy is used to control the use of local admin accounts by allowing standard users to elevate their own privileges for specific applications.
- Log in to the Application Control Plus web console and navigate to App Ctrl -> Privilege Management.
- To allow self-elevation of applications, enable the toggle for Enable users to elevate applications manually.
- To configure elevated privileges for all allowed applications or for specific applications, enable the Configure specific application to run with elevated privileges option to create a list of applications that need administrator-level access to run.
- The applications can be automatically elevated by enabling the Auto Elevation option.
Once the list is created, navigate to the Policy Deployment tab and choose the Custom Group containing the user devices that require privileged access to those applications. Then click Yes to associate the Privileged Application List with the chosen custom group.

Users on the devices in the associated custom group can obtain privileged access to those applications by right-clicking the application's executable (.exe) and choosing 'Run as Application Control Plus'.

Revoking Application Privileges
Deleting the created policies once the requirements have been fulfilled can prevent misuse of the elevated privileges.

Application Elevation Events
The Elevation Events view provides a detailed audit trail of applications that have been elevated by users on a managed endpoint. This helps administrators monitor privilege elevation activities and ensure that elevated access is being used appropriately. To view the events:
- Navigate to Systems and select the required machine.
- Open the Events tab and select Elevation Events from the left panel.
The view captures information such as the application name, the user who performed the elevation, the event type, the date and time of elevation, the reason provided by the user (if required), remarks, and the associated elevation policy. Click Update Now in the top-right corner to refresh and display the latest events from the endpoint.
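One way to review these events in bulk, as an added example that is not part of the product or its documentation: the script below flags elevations with no recorded reason and elevations made under a policy that should already have been deleted. It assumes the events have been copied into a CSV whose columns match the fields listed above; the CSV layout, the sample rows, the policy names and the function name are all constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample data. Columns mirror the fields the Elevation Events view
# lists; the CSV layout and the "Elevated" event-type value are assumptions.
SAMPLE = """application,user,event_type,timestamp,reason,remarks,policy
installer.exe,alice,Elevated,2024-05-06 10:14:00,Install approved update,,Finance-Tools
regedit.exe,bob,Elevated,2024-05-06 23:41:00,,,Helpdesk-Temp
installer.exe,alice,Elevated,2024-05-07 09:02:00,Reinstall,,Finance-Tools
cmd.exe,carol,Elevated,2024-05-07 11:30:00,Run script,,Helpdesk-Temp
"""


def review_elevations(csv_text, active_policies, reason_required=True):
    """Return (findings, per_user) for a batch of elevation events.

    active_policies: policy names that are still meant to be deployed
    (hypothetical list kept by the administrator).
    reason_required: set False if users are not asked for a reason.
    """
    findings = []
    per_user = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        per_user[row["user"]] += 1
        where = (row["timestamp"], row["user"], row["application"])
        if reason_required and not row["reason"].strip():
            findings.append(where + ("no reason recorded",))
        # An event under a policy that should already be deleted means the
        # privilege outlived the requirement it was granted for.
        if row["policy"] not in active_policies:
            findings.append(where + ("policy not active: " + row["policy"],))
    return findings, per_user


if __name__ == "__main__":
    findings, per_user = review_elevations(SAMPLE, {"Finance-Tools"})
    for item in findings:
        print(" | ".join(item))
    print(dict(per_user))
```

The per-user counts give a quick view of who elevates most often, which helps decide whether a policy's scope or its Auto Elevation setting needs revisiting.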
