Technician Access Policies
IT help desk technicians often log on to end-user machines with administrative privileges to carry out certain tasks. This leads to various security and operational issues. To overcome such issues, Securden helps you define ‘Technician Access Policies’.
Typically, you can create policies authorizing specific technicians to perform administrative tasks on specific endpoints. Technicians can log on to end-user machines with standard user privileges and offer the required assistance. Their privileges are elevated temporarily, on demand. You can specify the computers on which specific technicians can have technician access.
Create technician access policies
To create a technician access policy, navigate to Admin >> Privilege Elevation and Delegation >> Technician Access Policies.
You need to create policies for domain-joined computers and non-domain computers separately. When creating the policy, you need to select ‘Domain Policy’ or ‘Non-domain Policy’ as required.
Follow the steps below to create a technician policy.
Policy creation involves specifying the computers that specific technicians should be able to access to perform various operations. The process is flexible: you can allow a technician or a group of technicians to access all computers or only specific computers. The technician could be a ‘user’ or a ‘group’ in Securden.
To create a policy, click ‘Add Policy’ and select ‘Add Domain Policy’ or ‘Non-domain Policy’ as needed.
In the GUI that opens, enter the following information:
Technician policy name: The name that you enter here helps you uniquely identify the policy being created.
Description: A brief description of the policy for a quick overview.
Select the computers and computer groups the technician could access
All the OUs and Groups imported from AD will be displayed as ‘Computer Groups’ in Securden. In this step, you will specify the computers and computer groups that you want to authorize the technician to access and carry out the tasks. You can allow access to all computers or only to specific computers.
Associate policy with the technician
The final step is to associate the policy with the required technicians or groups. The ‘technician’ could be a ‘user’ or a ‘group’ in Securden. You can select either all ‘users’ or specific users/groups alone. For example, you can designate all members of the IT Help Desk group to access the computers selected in the previous step.
- To associate the policy with all domain users and accounts, enable All domain users/accounts imported in Securden.
- To select users or groups, use the user/group search and choose from the list of users/groups.
Finally, Save the changes.
Approval for policies
On completing this step, the technician access policy you created will be held for review and approval by another administrator. You can check the approval status on the technician policies page. Approved policies will be shown as ‘Active’.
How to approve technician access policies?
Administrators can approve the policies created by other administrators from Admin >> Privilege Elevation and Delegation >> Technician Access Policies. Administrators will receive email notifications when a policy is created and awaits approval.
How do technicians commence access?
When a technician wants to access an endpoint, the technician must use the Securden tray icon present on the machine (see the icon shown inside the red circle in the image below).
Upon clicking the tray icon, the technician will see a menu in which Start Technician Access will be one of the options. When that option is clicked, the technician will be prompted to enter credentials for authentication. The technician has to enter his/her domain account credentials to authenticate.
Upon successful authentication, technician access will start.
The technician will have administrative access and can carry out the required tasks. To elevate applications, the technician should use Run as Administrator instead of Run with Securden Privilege. When doing so, the technician will see the UAC prompt, along with a Securden screen overlay, as shown in the screenshot below:
Finally, the technician must click End Technician Access, available in the tray icon menu.