Audit Guide
Learn about the basics of auditing and how to properly conduct one.
When a new agent is installed, the Elevation Mode is initially set to Audit by default. This setting is designed to assess the security status of all devices in your environment without impacting the user experience. By analyzing this data, you can create a comprehensive Plan Of Action to improve security and transition to using AutoElevate in Live mode. The following document covers some questions that are worth reviewing as part of your process, along with guidance on using the AutoElevate Admin Portal to gather the required information and on using specific Labtech scripts for any necessary adjustments.
How many machines have their security set in a way that puts you at risk and makes them vulnerable to a business-ending security breach?
A best practice is for UAC to be turned on
To determine whether UAC is turned off or on, do the following from the Admin Portal Computers Screen:
- Drag the UAC Status column header to the top
To set UAC on or off, do the following:
- Check off the box next to the computer(s) whose UAC setting you want to change
- Then click on the Actions menu (near the top of the screen)
- Select one of the following settings (under the UAC Settings heading):
  - Set to On (Not Dimmed)
  - Set to On (Dimmed)
  - Set to On (Maximum)
  - Set to Off
Notes About Changing UAC Status
Our system does not initiate a system reboot, but one is necessary for Windows to change the UAC from On to Off or vice versa, regardless of whether it is changed via our system, your RMM, or directly from Windows.
In the UAC Status column on the Computers screen, AutoElevate shows whether the change has been applied and whether the system has been rebooted since the change was requested.
Once one of the computers is in an On state and has been rebooted, it can be changed to any of the other On states without requiring a reboot (i.e., changing from On (Not Dimmed) to On (Dimmed), etc.). The change will occur immediately once the system agent checks in with the Admin Portal.
There are some subtle differences in UAC behaviour depending on which slider position is chosen when logging in and changing the settings manually in Windows, so we have consolidated those settings into 3 options. Setting one of them in AutoElevate applies the appropriate settings for all types of users on the machine. The UAC settings are:
- Not Dimmed - the Windows UAC dialog boxes are launched in the logged-in user's desktop session, so applications or processes running in that desktop session can potentially interact with the UAC dialogs.
- Dimmed - the Windows UAC dialog boxes are launched in a special private and isolated desktop session, separate from the user's desktop, which prevents applications or processes running as the user from interacting with the UAC dialogs. This is the more secure method.
- Maximum - a setting that applies specifically to users logged in as an Administrator. Maximum UAC makes Administrators both Dimmed and prompted for application installs, file elevations, and administrative tasks.
A best practice is for users to be only running as Standard Users
To determine whether users are running as Admins or as Standard Users, look in the Admin Portal from the Computers Screen:
- Drag the Active User Privilege Type column header to the top. This sorts machines by the privilege level of the active user. Take note of users running as Administrators and make arrangements to get into the machine and change the user's permission level. If a user must run as Administrator, make sure UAC is on and UAC Admin Level is set to 3 or preferably 4.
A best practice is for UAC User Level to be set to 3 or 4 and UAC Admin Level to be set to 2 or higher
By setting the UAC On and either Dimmed or Not Dimmed from the Admin Portal, these settings are set appropriately for you and reflected in the UAC User Level & UAC Admin Level columns.
Are your best practices being followed and implemented at your client sites?
You can easily monitor the status of best practices such as System Restore, Anti-Virus, and Windows Updates.
Evaluate the security disposition of the machines at each Company and Location by dragging each of the following column headers to the top of the Computers screen, so you can examine the machines in each group that may need adjustments:
- Drag the System Restore Enabled column header to the top
- Drag the Anti-Virus Enabled column header to the top
- Drag the Anti-Virus Up-to-date column header to the top
- Drag the Windows Update Enabled column header to the top
What machines under your management would be targeted by hackers with the latest malware because end users are working with too many privileges?
Look for machines that have a large number of users who are members of the Admin group:
- Close the Company and Location filters on the Computer Screen
- Click on the Admin Users header to sort by computers with the highest number of admin users
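The UAC settings described above (On/Off, Dimmed vs Not Dimmed, the admin prompt behaviour) and the count of local Admin group members can also be checked directly on a machine, for example from an RMM script. The following PowerShell script is an added example, not AutoElevate's or Labtech's own code: it reads the standard Windows UAC policy registry values and the local Administrators group and reports the same findings the portal columns surface. It assumes the raw Windows values rather than the portal's UAC User Level / UAC Admin Level numbers, and the threshold of two admin members is an assumed baseline.

```powershell
# Added example (not AutoElevate's or Labtech's code): local UAC and admin-group audit.
# Registry value names are the standard Windows UAC policy values; no mapping to the
# portal's "UAC User Level" / "UAC Admin Level" column numbers is assumed here.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacAuditReport {
    $p = Get-ItemProperty -Path $UacKey

    # EnableLUA = 1 means UAC is on. Note: flipping this value only takes effect
    # after a reboot, so the registry may show the new value before the system does.
    $uacOn = ($p.EnableLUA -eq 1)

    # PromptOnSecureDesktop = 1 is the "Dimmed" behaviour: prompts appear on the
    # isolated secure desktop rather than in the logged-in user's desktop session.
    $dimmed = ($p.PromptOnSecureDesktop -eq 1)

    # Raw prompt behaviour for administrators and standard users.
    # ConsentPromptBehaviorAdmin 0 = elevate silently (weakest), 2 = consent on
    # secure desktop, 5 = Windows default. ConsentPromptBehaviorUser 0 = auto-deny.
    $adminPrompt = $p.ConsentPromptBehaviorAdmin
    $userPrompt  = $p.ConsentPromptBehaviorUser

    # Members of the local Administrators group (the "Admin Users" column finding).
    $admins = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue)

    $findings = @()
    if (-not $uacOn)              { $findings += 'UAC is off' }
    if ($uacOn -and -not $dimmed) { $findings += 'UAC prompts are Not Dimmed (user desktop)' }
    if ($adminPrompt -eq 0)       { $findings += 'Administrators elevate without any prompt' }
    # Assumed baseline: built-in Administrator plus one managed admin account.
    if ($admins.Count -gt 2)      { $findings += "$($admins.Count) members in local Administrators" }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        UacOn               = $uacOn
        Dimmed              = $dimmed
        AdminPromptBehavior = $adminPrompt
        UserPromptBehavior  = $userPrompt
        AdminMembers        = ($admins | ForEach-Object { $_.Name }) -join '; '
        Findings            = ($findings -join '; ')
    }
}

Get-UacAuditReport | Format-List
```

Run it as a script from your RMM and collect the Findings field per machine; reading the policy key does not require elevation, but enumerating group members may on some builds.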
Are users being inconvenienced by not having admin privileges?
Once you have UAC turned on and the agents installed, run the client machines for a period of time in Audit mode to monitor how often machines generate UAC events and what is being requested:
- From the Events Screen, drag the Computer Name column header to the top to group Events by Computer
- Then drag either the Vendor or Name column header to the top to see the most common requests