Settings Overview
Learn about the customization options available.
Settings can be configured to specific levels in the Settings screen.
Multi-Level Settings allows you to use the same settings you are familiar with and apply them to specific parts of the hierarchy. You can move, copy, or delete an existing setting from the Action Menu. A setting can be moved or copied to a whole company, a whole location, or a single computer. Some settings can only be applied to certain levels and may produce an error.
What is a Global setting?
Settings applied to all companies inside the MSP. Global settings cannot be deleted by default.
You can add a setting by clicking the blue + button.
This button will only be available to those with permission to add a setting.
- Administrators: Can view, add, edit, and delete all settings.
- Technician Level 3: Same as Administrator, except can only view global settings.
- Technician Level 2 & 1: Cannot view settings at all.
An error will appear if a user attempts to create a setting that already exists.
Setting Options
Agent Customizations & Behavior
Admin Portal
Logo
Default value: the AutoElevate logo
Upload your company logo here. It is currently only visible in the top left corner of the Admin Portal. The recommended height is 34px, as we leave some padding around the edges to ensure it looks good in the space.
Primary Color
Default value: #c52928
SideBar Background Color
Default value: #19212b
SideBar Header Background Color
Default value: #262f3d
The color used for the SideBar Header background.
Agent Customizations & Behavior
Admin Login
Default value: Disabled
Specifies the name of the local user to override or create. Warning: The password will be overridden if an existing user is specified. For more information on this feature, please see this article.
Agent Dialog Message Overrides
Alert Title
Default value: the name of your account
The title bar for all dialogs. It can be changed, as an example, to “Your Company Name - Privilege Management System.”
Technician Mode Hotkey
Default value: Enabled
Controls whether or not the CTRL-ALT-A combination that opens Technician Mode is registered as a global hotkey on the Computer.
Denial Callbacks
Default value: Disabled
Controls whether or not a dialog box will appear for the end-user if an elevation Request is denied.
If enabled, "Denial Callbacks" occur when you "Deny" a Request for elevation after the initial 60-second timer has expired. By default, if you "Deny" something, the end-user will not receive a dialog box telling them it has been denied. Most companies handle that through the automated tickets that we create in their ticketing system, or by reaching out to the client, since denials are less frequent than approvals. If you enable "Denial Callbacks," our agent will pop up a dialog telling the user about the denial.
Event Logging
Default value: Disabled
For more information on this setting, please see the article Event Logging.
Technician Mode Authentication
Default value: Enabled
For more information on this setting, please see this article.
Timer Interval (Seconds)
Default value: 60
When an end-user makes an elevation Request, a timer counts down from the time specified here.
UAC Loading Overlay
Default value: Enabled
When a UAC appears, and the agent is examining it, this overlay will appear next to the UAC, letting the end user know that they should wait a few moments while we examine the file they are trying to elevate.
Agent Security
Block Requests from "AppData\Local\Temp"
Default value: Disabled
Turning this feature on will prevent any Request where the file attempting elevation originates from the current user's "AppData\Local\Temp" directory. Additionally, because much malware is run from the "AppData\Local\Temp" directory, when we detect a file being run from there, an alert will display "Can Not Verify Source File(s)" as a safety measure. We ask the end-user to right-click on the originating file so that we can properly identify it.
Admin Login Authorization
Default value: Empty list
Specifies which user roles or individual users are authorized to authenticate an Admin Log-In Request. For more information on this setting, please see this article.
Excluded Admin Users (for Remove Admin Privileges feature)
Default value: Empty list
List of local accounts that you do NOT wish to be removed from the local Administrators group when the "Remove Admin Privileges" setting is enabled. (As an example: Administrator, MSPAdmin, local-admin) For more information on the Remove Admin Privileges feature, please see this article.
Remove Admin Privileges
Default value: Disabled
When enabled, the agent automatically removes the "currently logged in" user from the local Administrators group. The user then needs to log out and log back in for their Admin Privileges to be completely removed. This functionality does NOT affect domain group membership OR modify domain groups on the local machine.
NOTE: To avoid negatively affecting accounts that should never be removed from the local Administrators group, please be sure to set a list of "Excluded Admin Users" before enabling this setting.
For more information, please see this article.
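One way to review a computer before enabling "Remove Admin Privileges" is to list the current members of the local Administrators group and check each against the planned "Excluded Admin Users" list. This is an added example, not AutoElevate code; the list below is a constructed sample, and matching on the bare account name is an assumption about how the exclusion list is compared.

```powershell
# Added example, not AutoElevate code. $ExcludedAdminUsers is a constructed
# sample; replace it with the accounts you plan to enter in the setting.
$ExcludedAdminUsers = @('Administrator', 'MSPAdmin', 'local-admin')

# Resolve the local Administrators group by its well-known SID so the
# script also works on non-English Windows installations.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544'

$report = foreach ($m in $members) {
    # Name is returned as COMPUTER\user or DOMAIN\user; keep the account part.
    # Assumption: the exclusion list is matched on this bare account name.
    $account = ($m.Name -split '\\')[-1]

    [pscustomobject]@{
        Name            = $m.Name
        ObjectClass     = $m.ObjectClass        # User or Group
        PrincipalSource = $m.PrincipalSource    # Local, ActiveDirectory, ...
        Excluded        = $ExcludedAdminUsers -contains $account  # case-insensitive
    }
}

# Full picture of the group, excluded entries last.
$report | Sort-Object Excluded, Name | Format-Table -AutoSize

# User accounts that are direct members of the group and are not on the
# exclusion list. Each one should either be added to "Excluded Admin Users"
# or be confirmed as an account that is meant to lose admin rights.
$toReview = @($report | Where-Object {
    $_.ObjectClass -eq 'User' -and -not $_.Excluded
})

if ($toReview.Count -eq 0) {
    Write-Output 'Every user in the local Administrators group is on the exclusion list.'
} else {
    Write-Output "$($toReview.Count) user account(s) to review before enabling the setting:"
    $toReview | Select-Object Name, PrincipalSource | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell session on a representative computer at each level where the setting will be applied.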
User Elevation Local Password Storage
Default value: Enabled
When "User Elevation" occurs for the first time for any given user, the agent will prompt the user to enter their password, which is then stored securely in Microsoft’s "Windows Credential Manager" for future use in the automated elevation process. This password remains only on the local machine, is never sent over the network or internet, and is not stored on AutoElevate servers.
Disabling this setting will force the user to enter their password every time a User Elevation occurs and thus will not store that password in the "Windows Credential Manager".
For more information on User Elevation and other elevation types, please see this article.
System Elevation Fallback
Default value: Disabled
In the rare case that one of the other elevation types fails, System elevation will be used as a fallback. This will launch the application with a system token.
Enabling this setting may allow some things to be elevated if there are issues with Admin or User elevation, but it will launch the application with a System token, which in most cases is not desirable.
For more information on System Elevation and other elevation types, please see this article.
Technician Mode Timeout (Minutes)
Default value: 15
In order to prevent unauthorized access in the event that Technician Mode was accidentally left running on a client computer, it will automatically close after the amount of time specified here.
For more information on Technician Mode, please see this article.
Mobile App
Local Authentication
Default value: Disabled
Controls whether or not the mobile app will require local authentication from the user every time the app is launched, and whether a PIN code can be used as an alternative to biometric or fingerprint authentication.
Requests & Rules
Default Elevation Type
Default value: Admin Elevation
Specifies which Elevation Type is selected by default when approving a Request. This can be overridden at the time of the Request by selecting a different type before approving. For more information on elevation types, please see this article.
Single Sign On
Single Sign On with Azure AD
Default value: Disabled
For more information on Single Sign On, please see this article.
Ticketing
PSA Integration
Time Entry Duration in Minutes
AutoElevate automatically enters a specified amount of time on each ticket whenever a technician takes action on a privilege request. The default amount is 15 minutes, but it is customizable. If set to “0”, time entries are disabled, and only a note of the outcome is entered on the ticket.
Time Entry Content Template
Lets you change the structure of the Time Entry note on a ticket.
Variables include: $REQUEST_APPROVAL_STATE, $REQUEST_OUTCOME, $UPDATED_BY_NAME, $BEST_APP_NAME, $PRODUCT_NAME, $FILE_DESCRIPTION, $FILE_PATH
It is possible that $PRODUCT_NAME and $FILE_DESCRIPTION do not exist for some Requests. Using $BEST_APP_NAME will then display the $FILE_PATH if the other fields don't exist.