You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Home > 330: Least Privilege Manager > Knowledge Base > 06: Tips for Admin Approval, Self Elevate, Apply on Demand, SecureCopy and UI Branding > 07: Least Privilege Manager - How to create a Self-Elevation policy for local groups of Standalone computers
07: Least Privilege Manager - How to create a Self-Elevation policy for local groups of Standalone computers
print icon
  1. When creating the Self Elevation Policy in LPM, create the rule as you would normally and choose whichever Executable types you wish the members of the local group to be able to execute, and also whether or not the policy should apply to child processes.

  2. When you get to the Allowed Users section be sure to use the “Add custom user/group by SID as member option”, see below for an example.

  3. At this point you will need to look up the SID for the local group you wish to have the Self Elevation policy apply to, you can do this by running the command “whoami /groups” on the computer where the local group exists. See below for an example.

  4. In this example, I will be using the SID for the BUILTIN\Users group “S-1-5-32-545”

  5. Your policy should look similar to the example below.

  6. Lastly, deploy the policy and test if Self Elevation works, if the LPM Self Elevation policy applies successfully to the local group then when you right click on any of the Executable types you selected in the policy you should see the “Run Self Elevated with PolicyPak” option available as in the example below.

Feedback
0 out of 0 found this helpful

scroll to top icon