Technician Mode - 2FA Authentication & Command Tray
Table of Contents
Technician Mode allows any of your established Technicians with AutoElevate user accounts to bypass the automatic approve/deny rules established for your end users so that they can interact with the UAC manually and not generate a request.
The Technician Mode Command Tray displays the basic Machine Security disposition information and Application Security information to your technicians and allows them to fill in each UAC using either the built-in ~0000AEAdmin credential or the currently logged-in user’s credential.
Note: Technician Mode is not supported for machines with multiple sessions, such as Terminal servers, and will not activate.
What are the benefits of Technician mode?
- Allows your internal IT staff to do administrative work on systems without being logged in with an account with Admin Privileges and without knowing the local Admin account/credentials.
- Makes access to machines for administrative work faster and more convenient.
- Eliminates the need to maintain and rotate a local Admin password scheme for your technicians at all your client sites.
What You Will Need:
- AutoElevate Agent Version 2.2.0 or greater
- AutoElevate Notify Mobile app on your Android or iOS device version 1.3 or greater
All agents will attempt to update automatically, but to check the AutoElevate Agent Version on your computers, do the following from the Admin Portal (https://msp.autoelevate.com ):
- Go to the Computers screen
- Expand the groups in your view so you can see the data in the column entitled: Agent Version
- If the Agent Version is not version 2.2 or greater, it must be manually updated by reinstalling the most current version with your RMM or other installation method.
To check the AutoElevate Notify mobile app version:
If you have the latest version of AutoElevate Notify, you will see the new QR Code Scan Button at the top right-hand side of the app:
If you have the latest version of AutoElevate, Notify, you will see the new QR Code Scan Button in the top left-hand side of the app:
To install/update the mobile apps, search for AutoElevate Notify in Google Play or the App Store from your device or use the following links:
How to Use:
From a machine with the AutoElevate Agent version 2.2.0 or greater, do the following:
- Press CTRL + Alt + A (or use the Technician Mode link on any dialog window, or put the Computer into Technician Mode from the Action in the Admin Portal)
- A QR Code will appear
- Open the AutoElevate Notify application (version 1.3 or greater as seen above) on your mobile device
- Press the QR code icon in the top bar of the app
- Scan the QR code on the machine with the AutoElevate Notify App
Once Technician Mode is active, you will see a box appear in the lower right corner of the computer screen that looks like this:
While Technician Mode is active, each action or application requiring Admin privileges will display the Windows UAC with the Command Tray attached:
Technicians can use the information provided in the Computer Security and App Security sections to help decide whether to use Admin elevation for each UAC prompt.
The “Copy Malware Check Link” will copy a customized weblink to the VirusTotal database reference for the action or application that has caused the UAC to appear. To view the VirusTotal information open a browser and paste the link in the URL field. Technician Mode only provides the customized link and doesn’t provide a button that automatically launches the website in this circumstance for security purposes.
The technician can use Admin privileges by clicking the “Admin Elevation” or “User Elevation” buttons. They can manually enter a username and password into the UAC or click “No” to cancel.
User Elevation is only available if the logged-in user’s credential has been previously stored in the Windows System Credential manager by AutoElevate. If the logged-in user’s credential has not been previously stored, then clicking “User Elevation” will produce a prompt that will allow the credential to be entered and confirmed (for use in this and future elevations). Otherwise, only Admin Elevation will be available.
To exit technician mode on the computer, click the "Back to Live Mode" button (or whatever previous mode the agent was in before entering technician mode). The session will automatically timeout after 15 minutes by default, but this time can be modified under the new multi-level Settings screen. Once Technician Mode has ended, UAC events will be automatically processed according to the rules and mode that the agent is.