v2.8.2 - 2024-02-07
- Protects against the "Agent Mode" being reset to “Audit” when JIT Admin Login is enabled and upgrading from agents v2.5.x-2.6.x.
v2.8.1 - 2024-02-06
- Ignores the "AGENT_MODE" MSI argument if the agent is already installed. This prevents accidental agent mode changes when using MSI deployment scripts that include the “AGENT_MODE” argument.
v2.8.0 - 2024-02-02
- Elevation Batch file (.bat) support. The agent now properly recognizes .bat files and allows them to be the target of Requests & Rules.
- Fixes Just-in-Time Admin Login issue preventing the temporary user from being removed.
- Fixes Just-in-Time Admin Login issue preventing the logged in session from entering Technician Mode immediately.
- Fixes uninstaller issue that could prevent the agent from being uninstalled.
v2.6.3 - 2023-08-25
- Performance & security enhancements.
- Enhanced "check-in" & "offline reconnect" processes that reduces load on cloud services.
- Fixes issues with the "Admin Members" data on the Computers grid not reporting correctly in some cases.
- Fixes issues with the "Active User Privilege Type" data on the Computers grid not reporting correctly in some cases.
v220.127.116.11 - 2023-08-14
- Fixed bug preventing the "Credential Input" dialog from appearing during User Elevations on certain computers.
v2.5.4 - 2023-07-11
- Allows the Agent to create Windows Event Logs for certain tasks that the Agent performs. (Documentation coming soon)
- Allows the Agent to send Events and Requests to the Admin Portal that contain a SHA256 file hash along side the currently used MD5 file hash. The Agent can also receive rules that include a SHA256 file hash in the file identification criteria
- Allows the dialog that appears before a privilege elevation request is made, to receive a custom Title and HTML Display. This feature is customizable in the Admin Portal's Settings grid under the "Agent Dialog Message Overrides" setting, in the "Pre-Request" tab.
- Adds support for elevating applications with a CLSID or UNC file path.
- Adds language support for Chinese, Japanese & Portuguese.
- Fixes bug causing the computer state report stop when identifying the local admin group members.
- Fixes bug preventing rules from being denied when the Agent is in policy mode.
- Fixes bug causing an error during admin elevation.
- Fixes bug causing the Agent to crash when the check-in rules could not be received.
- Fixes bug when a rules file path conflicts with wild card pattern.
- Fixes bug causing the Agent to crash when the Technician Mode HotKey could not be registered.
- Adds support for parsing file names that contain Chinese characters.
- Adds support for parsing file names with a "vertical broken bar" character (¦)
- Allows the agent to work properly in FIPs enabled environments
- Resolves performance issues when the Agent is running on a terminal server.
- Improves the Agents ability to determine if the computer is a domain member.
- Improves the Agents ability to include cloud domain admin members in the computer state report.
v2.4.1 - 2021-02-19
- Advanced Rules: Publisher & File identification criteria. (Documentation HERE)
- Fixes bug preventing the agent from working with versions of Windows that were installed with some non-English languages.
- Fixes bug preventing the "Please wait while we examine this file…" process from completing.
- Allows the "Block Requests from 'AppData\Local\Temp'" security feature to be turned off from the Admin Portal (Settings) if desired.
- Improvements for local diagnostic logging.
v2.3.8 - 2020-10-07
- Fully supports all TLS versions so that support for v1.0 & v1.1 can be disabled on end-points.
- Fixes some elevation issues on the latest Windows 10 updates (2004)
- Various improvements for local diagnostic logging.
v2.3.5 - 2020-07-28
UAC event detection and integration for Danish.
Various minor fixes and improvements.
v2.3.1 - 2020-05-20
- Technician Mode Ticketing: See full article here
Fixes bug in v2.3.0 that caused some agents in Audit mode to go offline.
Fixes bug preventing Technician Mode from working properly on an agent that has only ever been in Audit mode.
Changes Technician Mode Timeout from 60 minutes to 15 minutes (unless a timer is running during ticketing).
Stability improvements when reporting state.
v2.2.3 - 2020-03-02
- Various minor fixes and improvements.
v2.2.1 - 2020-02-18
- Fixes bug causing the agent to not report state when the "Server" (Lanman) service isn't running.
v2.2.0 - 2020-01-14
Fixes bug causing the realtime timer to still respond to Request approval/denials even when it's not enabled.
Fixes bug preventing the agent from properly checking-in when the agent service was started while the Computer was offline.
Advanced Technician Mode: See full article here.
Technician Bypass Mode: See full article here.
Improves offline connection state detection and handling.
UAC event detection and integration for Italian and Nederlands (Nederland) languages.
v2.1.5 - 2019-11-19
- Now uses multiple endpoints to connect to AutoElevate services for better performance and reliability. These new endpoints are outlined in the following article.
v2.1.3 - 2019-11-07
- Fixes bug preventing some images from loading inside of custom dialog overrides.
- UAC event detection and integration for French (France), Swedish (Sweden/Finland) and Norwegian (Bokmal/Nynorsk) languages.
v2.1.2 - 2019-10-16
Fixes bug causing new Deny rules from being properly cached locally immediately after a Request is made.
Fixes bug preventing "Ignore Mode" from working properly on Rules.
v2.1.0 - 2019-10-09
Full Dialog Customization: See full article here.
Denial Callbacks can be enabled in Settings. This will send an alert back to the end-user when their Request is denied.
Ability for the agent to uninstall itself.
Fixes bug preventing the DLL lookup of CLSID's for 64 bit software. (ie. iTunes)
Fixes bug preventing elevation on some versions of Windows 10.
- Performance and stability enhancements
v2.0.3 - 2019-07-24
Fixes bug preventing password insertion for the AzureAD "Email Address" field.
Fixes problems when detecting UAC events and UAC integration on Windows installations where English was not the chosen language. (Now supports English, French, German, Irish, Spanish, Portuguese)
v2.0.0 - 2019-07-05
Compatible with Server 2008/R2, 2012/R2, 2016, 2019 Operating Systems.
Fully session aware and compatible with RDS/Terminal Services.
Elevation Types: Admin & User elevation now replace Password Mode & the default System token elevation.
"Remove Admin Privileges" migration capabilities which will help automate/expedite the conversion of environments with admin privileges to only having standard privileges in a few clicks without end users being inconvenienced.
Additional diagnostic functionalities for troubleshooting.
- Fixes issue preventing the "Technician Mode" button from not appearing on some alert screens.
The AE Admin user which is utilized for the 'Admin Elevation' is now just a normal standard user. The password on the account is assigned a new 127 character password before and after elevation, and the account itself is specifically elevated with Admin Privileges only for the moment it is elevating an approved application.
AE Admin account now is 100% hidden from users.
UAC dialog boxes are set to not allow users to be listed and for password fields to not allow the password to be viewed.
Other fixes and performance enhancements.
v1.8.6 - 2019-05-01
- Adds "Delayed Start Service": This service will startup as a "Delayed Start" service (2 minutes after boot) in order to check to make sure that the "AutoElevateAgent" is running. If it is not running it will start it and then stop itself. This service is not meant to be running at all times, only after a bootup.
v1.8.5 - 2019-04-30
- Properly handles interception of the Windows UAC for applications that contain any non-alphanumeric character that Windows allows to be in the path.
v1.8.4 - 2019-04-29
- System state is still reported on systems where WMI is not fully working properly.
v1.8.3 - 2019-04-26
- Fixes issue preventing some machines from properly reporting the "Current Logged in User"
- Sets service dependencies and streamlines agent startup to prevent failure to start when the machines has many services or low performance
v1.8.2 - 2019-04-12
- Fixes bug preventing user from exiting Technician mode
v1.8.1 - 2019-04-09
- Fixes rare crash when state reporting fails during an API outage
- Adds recovery options on service to always restart on failure
v1.8.0 - 2019-04-06
CLSID support - giving you enhanced ability to approve/deny and build rules for system functions and not just installs. As an example, now elevation requests and notifications will be raised when a user requests to change the network adapter setting or wants to uninstall an application. Previous versions of the agent would simply allow the UAC to come up instead of dismissing and processing it when a UAC was referencing a CLSID (com object in the registry). Including CLSID support will now give greater visibility into activities that the user initiates that require elevated privileges.
Technician Mode Authentication now can be turned off/on or set to Auto - This feature will allow you to decide if going into Technician Mode should require authentication (‘On’), not require authentication (‘Off’), or should dynamically change based on the privilege level of the user logged in (‘Auto’). When set to ‘Auto’, authentication will not be required when the logged in user has Standard privileges but will be required when the user had Administrator privileges. This will simplify environments that use outsourced help desk services.
System state is still reported on systems that do not use System Restore registry keys.
Fixed issues with how the agent handled the system being ‘offline’.
Remote Desktop Support for active (non-console) session users. AutoElevate will now work for clients using the MSTSC / RDS client.
All dialogs come to the top so that when numerous applications are open, dialogs don’t get buried and go un-noticed.
Alert app notifications show up in the taskbar with an icon so that messages don’t go un-noticed.
Main titles are now parsed from UAC dialogs and then displayed to the end user, and in the request. This gives a better description of what is being requested in many cases.
Adjustments to help with error tracking.
Adjustment which increases the reliability of how certain approved applications proceed through installation or launch.
v1.7.3 - 2019-01-22
Agent modified to read ticket number properly for Autotask and Kaseya plugins.
Alternate methods of logged in user being identified have been incorporated to remedy certain situations where the user could not be displayed but instead would display “Unknown User”.
Agent now can parse arguments which were specified when the UAC was originally encountered and then relaunches the application with token elevation using the same arguments. This method improves the accuracy of how the applications are re-launched and ultimately improves the user experience. With this functionality the agent can now successfully handle the launch of more complex applications including many uninstallations.
Functionality added so that when an MMC plugin is approved the plug in is specifically identified and launched as opposed to just the MMC console generically itself.
Numerous improvements were made to the updater component. Fix for the problem that was found to occur in a small percentage of cases where the updater would fail part way through updating which would leave the AutoElevate program folder missing.
Actions were added to the agent so that it has the ability to restart the AutoElevate Agent service and also the WMI computer service.
v1.6.1 - 2018-12-04
- Problem was resolved with interception of the Windows UAC for applications that included an “&” symbol.
“RuleApplied” event is now sent when approval is applied by a rule for password mode or for a network resource.
Functionality has been added so that MSI files can be launched with token elevation by being identified and then launched using MSIEXEC.exe.
v1.5.0 - 2018-10-09
Self updating agent – new features have been built into the agent which will allow the agent to be updated automatically. Further changes will be made to Admin Portal to address how updates will be rolled out and how change management is dealt with by the MSP.
Policy mode is now added to the list of available agent modes (Audit, Policy, Live, Technician) and is designed to be functionally between Audit and Live modes. Policy mode will apply any defined rules to an agent but will NOT invoke the Real-Time evaluation process if a rule has not been defined but will instead allow the UAC to appear. Policy mode will allow an MSP to make and apply rules for key applications that have an immediate use case benefit but will not prompt the user or technician for evaluation of anything unknown. Policy mode will allow MSPs to immediately put standard user machines into Policy mode and to start deriving time savings and benefit while still evaluating user activity.
- Adjustments have been made to the startup sequence of the Agent service and the logic on what happens at startup. Previously on some systems during the boot-up process the AE agent would start up prior to the computer having access to the network and/or Internet. The AE Agent then would be offline for an interval of 5 minutes in which time a user on occasion would have time to login and launch something requiring admin privileges and in those circumstances the UAC would not be intercepted.
- Previously on Windows 7 workstations when technician mode would exit Windows would give a crash report that the program was ended which looked like an error. In version 1.5.0 this has been fixed.
Now when a process has been launched that has an ‘approved’ rule, the default action will be for the process to be re-launched with elevated privileges automatically and no further dialog will be displayed stating that the application/process has been approved. Adjustments have been made to the agent so that the previous dialog box stating that the process is ‘approved’ can be turned on as a preference.
Technician mode timeout – Technician mode will now be set by default to go back to live mode automatically after 60 minutes. The agent has been adjusted so that this timeout interval can be adjusted by the MSP in preferences.
Neutral language on alert dialog – a couple subtle changes have been made to words used on the dialog boxes so that they would make more sense to international users.
Changes have been made to the Alert app so that other applications can be opened up on top with the intent that going forward the timed interval could be increased if desired without disrupting the end user’s work.
Changes have been made to fine tune the performance of the Agent regarding data collection and transmission.
Real-Time timer interval can now be adjusted according to the MSP’s preference. When set to ‘0’ a newly worded dialog box will come up in place of the timer letting the end user know that a ticket has been opened and that they will be notified when evaluation of their request has occurred.
v1.3.0 - 2018-07-25
In certain circumstances and environments applications being launched from network shares would not to be intercepted or elevated due to network share permissions not allowing specific interaction over the network with the Windows system account. This issue was identified and fixed so that access to any network share is accomplished using the permission level of the logged in user as opposed to the machine system level privilege.
On some systems the ‘technician mode’ link could not be accessed from an approval dialog box.
Under certain circumstances if a user quickly cancelled out of the Windows UAC then additional UACs afterwards would not be intercepted until the Agent service was restarted.
In some environments password policy complexity rules would prevent the AutoElevate admin user from being created and in some cases would then fail to install the agent. The AutoElevate password has been reduced to 127 characters.
Password Mode has been enhanced so that rules having password mode enabled will work when the Agent is offline, the additional dialog boxes were eliminated, and now the password is entered into the initial Windows UAC without initially dismissing it making for a more seamless experience. Now applications which are launched from a network share automatically use password mode to elevate privileges.
MSI installer now allows installation of the agent in “Live”, “Audit”, or “Technician” mode by using a command line option or argument. Being able to force installation in the mode of your choice makes it possible to automate installation rules via GPO or with an RMM to ensure all new installations are in the correctly desired mode without having to manually change Agent status.
The AESetup.msi file as well as all binaries that are unpacked and installed are now signed with AutoElevate digital certificate. This will help ensure the integrity of the application as well as prevent some antivirus systems from blocking installation based on that criteria.
AEAdmin user is created at installation and then hidden from the login screen until after user logs in. It remains hidden when the system is in Audit and Technician mode, as well as when the user logs out. Having the AEAdmin user created and ready for use facilitates its expedited use during a privilege request.
v1.2.0 - 2018-07-23
v1.1.0 - 2018-04-18
Refinement – Password Mode has been enhanced so that rules having password mode enabled will work when the Agent is offline, the additional dialog boxes were eliminated, and now the password is entered into the initial Windows UAC without initially dismissing it making for a more seamless experience. Now applications which are launched from a network share automatically use password mode to elevate privileges.
Refinement –MSI installer now allows installation of the agent in “Live”, “Audit”, or “Technician” mode by using a command line option or argument. Being able to force installation in the mode of your choice makes it possible to automate installation rules via GPO or with an RMM to ensure all new installations are in the correctly desired mode without having to manually change Agent status.
Refinement – The AESetup.msi file as well as all binaries that are unpacked and installed are now signed with AutoElevate digital certificate. This will help ensure the integrity of the application as well as prevent some antivirus systems from blocking installation based on that criteria.
Refinement – AEAdmin user is created at installation and then hidden from the login screen until after user logs in. It remains hidden when the system is in Audit and Technician mode, as well as when the user logs out. Having the AEAdmin user created and ready for use facilitates its expedited use during a privilege request.
Bug Fix –In certain circumstances and environments applications being launched from network shares would not to be intercepted or elevated due to network share permissions not allowing specific interaction over the network with the Windows system account. This issue was identified and fixed so that access to any network share is accomplished using the permission level of the logged in user as opposed to the machine system level privilege.
Bug Fix –On some systems the ‘technician mode’ link could not be accessed from an approval dialog box.
Bug Fix – Under certain circumstances if a user quickly cancelled out of the Windows UAC then additional UACs afterwards would not be intercepted until the Agent service was restarted.
Bug Fix – In some environments password policy complexity rules would prevent the AutoElevate admin user from being created and in some cases would then fail to install the agent. The AutoElevate password has been reduced to 127 characters.
Refinement –MSI installer now allows you to manually install the agent without preparing a special “reg” file or manually making registry entries. Basic options can be set during installation by the person doing the installation.
Refinement –MSI installer now allows all necessary agent settings to be set using command line options or arguments. Being able to specify the agent installation options in this way now makes it much easier to use a variety of RMM, GPO, scripted, or other deployment methods and options.
NOTE: Please see “System Agent Installation” in our online Support documentation for additional details of installation options.
Feature – Ticketing numbers were added to client facing dialog boxes.
Feature – Added new logic giving end users notification when there is a duplicated request (i.e. the user repeatedly requests the same thing numerous time). We have also eliminated duplicate requests going to technicians when they are within the same 24-hour period. Each time a user makes additional request for something previously requested a note is added to the existing ticket in ConnectWise. If the original request was more than 24 hours ago the technician is notified again via the mobile app if the request is made again.
Bug Fix – Additional methods to enumerate user information were added.
Bug Fix – Resolved issue with UAC Trigger detection on Windows 10 machines which would fail due to having a tilde in the path.
Refinement – Adjusted Agent so that it can identify UAC that have source files originating from network locations.
Refinement – Ticket #2032 – additional logic built around successfully identifying source files which call other files launching from Temp file locations.
Refinement – Added new Events for the event logs of:
- “UAC_TRIPPED_TRIGGER_UNKNOWN” – this will help for future troubleshooting and analysis of the agent.
- “RULE_APPLIED” first steps which will allow us to further build in the ability to report on the number of times rules have been applied as well as other analysis of rules.
Refinement – Certain computer settings related to the agent have been encrypted and/or removed from the registry to help maintain security of the overall system and to remove potential for these settings to be exploited by someone with Admin access to the machine from carrying out a “man in the middle” style hack or other similar type exploits.
Refinement – Temp files used by Agent processes to store system state and other misc. information during UAC event and approval have been encrypted and/or removed to help maintain security of the overall system and to remove potential for these settings to be exploited by someone with Admin access to the machine from carrying out a “man in the middle” style hack or other similar type exploits.
Refinement – Change in routine of how agent determines its mode when being installed. Agent will retain the existing Agent Mode (Audit/Live/Technician) when installed as opposed to automatically reverting to Audit mode. Labtech scripts have been adjusted to no longer compensate for existing Agent Mode since it is now handled by the Agent itself.
Refinement – Changes have been made to fine tune the performance of the Agent regarding computer process data collection.
Refinement – Additional changes have been made to ensure consistency and integrity of Agents ability to identify UAC events and source files.
Refinement – Approval dialog boxes have a new look and are changed to allow for more control and interaction with other agent processes.
Refinement – Callback routine has been improved so that when a requested application has been approved, put into Password Mode, and then the client immediately re-requests the same application the agent won’t get caught in Password Mode or have an extra dialog box appear when the Callback process to the Agent happens.
Refinement – Agent has been modified so that if Windows file system fails to return file path information to the UAC dialog box our Agent will still remove the UAC and prompt the user to attempt execution of the app by right-clicking and running as Administrator.
Refinement – Agent has been modified so that on extremely slow Windows computers our application will only attempt to parse the UAC for 5 seconds before it removes the UAC and then prompts the user to attempt execution of the app by right-clicking and running as Administrator.
Refinement – Adjusted the dialog box when something is denied from a rule so that the text is not cut off on Windows 7 machines.