Technician Bypass Mode - Technician Mode Authentication Setting
Learn how to enable Technician Bypass mode to interact with the UAC directly.
Technician Bypass Mode
This mode is controlled from the Admin Portal by setting the "Technician Mode Authentication" setting under the Agent section in the Admin Portal (to either "Off" or “Auto”). Technician Mode Bypass does not require QR code authentication. This mode bypasses AutoElevate and allows a technician (or other user) to interact with the Windows UAC directly without having AutoElevate:
automatically apply Approval or Deny rules
produce notifications to the rest of your team
require authentication using an AutoElevate account
When Technician Bypass Mode is active, you'll see the Technician Bypass Mode dialog box displayed on the machine:
From this dialog, you can enter “Authenticate Technician Mode” to gain access to its enhanced features by clicking the button, or you can exit Technician Bypass mode to go back to the previous mode (i.e., Back to Live Mode) by clicking the corresponding button.
The available "Technician Mode Authentication" options in the Admin Portal are ON, OFF, or Auto.
Setting to OFF or AUTO enables Technician Bypass Mode.
On a machine that has the AutoElevate Agent installed, Technician Mode (or Technician Bypass Mode, depending on your settings) is initiated in one of 3 ways:
Pressing Ctrl+Alt+A will activate Technician Bypass Mode
Clicking the Technician Mode link in the lower right-hand corner of a dialog box on the machine
Running the AETechnicianModeLauncher.exe executable (found in the C:\Program Files (x86)\AutoElevate\ directory).
To change the behavior and/or enable Technician Bypass Mode, go to the Settings menu in the Admin Portal > select Global> Agent Customizations & Behavior > Technician Mode Authentication> Edit (pencil icon)> and then select the desired setting in the ‘Setting Value‘. Another option would be to create a new Level Setting (Whole Company, Location, or Computer) using the "+" icon from the top of the grid.
Enabled: Authentication is required using the AutoElevate Notify app, which gives the technician access to Technician Mode's enhanced features (please see Technician Mode - 2FA Authentication & Command Tray ). “Enabled” is the default setting.
Disabled: When the technician mode link is clicked, the workstation will immediately enter Technician Bypass Mode without any authentication, regardless of the user's privilege level. This allows the user to interact with the UAC directly, but keep in mind that If the user is logged in as an administrator, this will allow them to bypass the AutoElevate system easily and, therefore, should be used cautiously.
Auto: The requirement for authentication is changed automatically based on the privilege level of the user that is currently logged into the computer.
If the user logged into Windows has Standard privileges, entering technician mode will not require authentication with AutoElevate but will immediately enter Technician Bypass Mode.
If the user logged into Windows has Administrator privileges, clicking the link to enter Technician Mode will require a valid authentication with AutoElevate.
- If the user logged into Windows has Standard privileges, entering technician mode will not require authentication with AutoElevate but will immediately enter Technician Bypass Mode.