Before you configure temporary session elevation settings, ensure the following components are set up:
1. The Privilege Manager client is running on the computers you want to apply the settings to;
2. The server is configured and running with the port allowed that you have selected for incoming data (the default port is 8003); and
3. Client Data Collection Settings is enabled for the selected GPO.
4. The use of offline passcodes is enabled in the Deploy Client wizard. (Getting Started | Setup Tasks | Deploy Client Wizard) under the "Settings" tab check the box labeled "Enable clients to use offline passcodes to create temporary elevated sessions."
To use the Temporary Session Elevation Wizard to set up privileges:
1. Open the wizard:
a. Open Passcode Manager from the Temporary Session Elevation section on the navigation pane of the console.
2. Create a new passcode:
a. Click "New" to start the Instant Elevation TSE passcode generator.
3. Enable the Instant On Demand Privilege Elevation settings on the State tab.
a. Choose "Enabled", otherwise the settings won't apply to the selected GPO.
b. Choose "Not Configured" to have child GPOs inherit settings from their parent.
4. Use the Groups tab to alter the Security Token used.
By default, users of the target GPO will automatically inherit the administrator's settings (BUILTIN\Administrators).
5. Complete Privileges, Integrity, and Validation Logic tabs.
6. Create a passcode using the "Passcode" tab.
a. Enter a Title to describe the passcode.
b. Enter a Maximum allowed usage. This is the number of times the passcode can be used before expiring.
c. Enter a Duration. The duration is the amount of time the passcode will remain active once activated.
d. Optionally, select the checkbox "End all elevated processes (and child processes) when Passcode duration expires." If selected, this will close all windows that were opened with a Temporary Session Elevation passcode.
e. Click "Export to file" to save the passcode for end user use.
7. Click "Finish" to complete the wizard.
8. Deliver the exported passcode to the user.
Using temporary session elevation
From user's perspective, once you receive the exported passcode from the system admin, you can use it following the steps described on the user's guide: