
EPM Policy Deployment

Introduction

Once the Privileged Application List is created, the next step is to deploy the Endpoint Privilege Management policy to the appropriate user devices. This involves associating the list with relevant custom groups and enabling privilege elevation based on organizational requirements. Deployment ensures that only authorized users gain elevated access to approved applications in a secure and controlled manner.

Configuring Privilege Management

The Privilege Management policy controls the use of local admin accounts by allowing standard users to self-elevate their privileges for specific applications.

  • Log in to the Endpoint Central web console and navigate to App Ctrl -> Privilege Management.
  • To allow self-elevation of applications, enable the toggle for Enable users to elevate applications manually.
  • To configure elevated privileges for all allowed applications or specific applications, enable the Configure specific application to run with elevated privileges option and create a list of applications that need administrator-level access to run.
  • The applications can be automatically elevated by enabling the Auto Elevation option.
  • After the list is created, navigate to the Policy Deployment tab and choose the Custom Group containing the user-devices that require privileged access to those applications. Then click Yes to associate the Privileged Application List with the chosen custom group.

    Associate Privileged Application List

  • The user-devices in the associated custom group can attain privileged access to those applications by right-clicking the application's exe and choosing 'Run as ManageEngine'.

    Run as ManageEngine option

Revoking Application Privileges

Once the requirements have been fulfilled, deleting the policies that were created can prevent misuse of the elevated privileges.

Delete Application Group