Creating Elevation Rules from UAC Events

To create a rule from a UAC event, please do the following:
 

1. In the left-hand column click Elevation Events
    
2. On the event grid select the event(s) by clicking the square next to the listed events(s) you want to turn into a rule
    
3. Click on the Actions menu at the top left of the screen, and then Convert To Rule 

4. A Dialog box will appear asking you to choose the Approval Status of either Approved or Denied and then what level you want to create the rule on. You may choose All Companies, Whole Company, Whole Location, or Computer. Computers will take precedence over the rest, where there’s a hierarchy. 

5. After selecting the level, another dropdown menu will appear where you can select the specific location (either by selecting from the drop-down list or typing in the space to search). For convenience, the Company, Location and Computer from the recorded event are pinned to top the of the list for easy selection. 

6. Click OK to accept changes once the specific location, Company, or Computer is selected.
 

To prevent our Agent from intercepting the User Account Control (UAC), you can select a Rule (checkbox) then from the Actions menu, under Ignore Mode select Set to On. This will allow the UAC to come up and be displayed to the user, effectively having AutoElevate ignore it.
 

For anything that doesn't have a rule, we default to a position of security and allow the UAC to come up.
 

You can verify if an event has an existing rule that would apply under the Had Matching Rule? column in the Elevation Events screen. Requires agent version 2.9.2.0+ and applies to all Elevation Modes.
 

We recommend creating a break-the-glass local admin on each system (that perhaps only management has access to the credentials) for rare cases like these.