Chat now with support
Chat with Support

Safeguard Privilege Manager for Windows 4.3 - Administrator Guide

About this guide What is Privilege Manager? Installing Privilege Manager Configuring client data collection Configuring instant elevation Configuring self-service elevation Configuring temporary session elevation Configuring privileged application discovery Deploying rules Removing local admin rights Reporting Client-side UI Customization Using Microsoft tools Maintaining a least privileged use environment Database Planning Product Improvement Program

Customizing self-service request email messages

The approval and denial email messages that are sent as a response to the user's self-service elevation request can be customized.


The default Approval message says the following:



Your request to run the following application with elevated privileges has been "approved".

Request Date: <ExecutionDate>

Requested Application:




Reason for request: <Reason>

This new privilege should be available on your computer once Windows has refreshed its domain security policies.


The default Denial message says the following:



Your request to run the following application with elevated privileges has "not" been approved.



Please contact your administrator for more details.


These messages can be customized by opening the MessageTemplates.cfg file in the Privilege \Console folder.


Each message in the cfg file starts with "======StartOfMessage==========" and ends with "======EndOfMessage============."

The text between these delimiters can be customized to your liking.

Text delimited with < > are variables that are replaced with data at runtime.

The following variables may be used in the Approval message:

  • ExecutionDate
  • ProductName
  • Path
  • Arguments
  • Reason

The following variables may be used in the Denial message:

  • ProductName
  • Path

Using self-service notifications

If you would like to receive an email when a user on a client computer submits a Self-Service Elevation Request Form, you can set up a self-service notification. You can configure it to go to multiple recipients, including you, your manager, and/or the help desk. In addition, you can set the subject line to meet the requirements of your help desk.

To set up self-service notifications:

  1. Configure the server.

    1. Use the Privilege Manager Server Setup Wizard to configure the Server Email Notification Configuration settings on the first screen of the wizard.
    2. If you have previously completed the wizard, the other screens will automatically populate.
    3. Refer to the Privilege Manager for Windows Quick Start Guide for step-by-step instructions.

  2. Configure the recipient.

    1. Use the Settings tab on the Self-Service Elevation Request Settings Wizard to configure the Email Notification Settings.
    2. For more information on the wizard, see Using the Self-Service Elevation Request Settings Wizard.
    3. For more information on setting up Email Notification Settings, see Send an email notification to the administrator whenever a user submits a Self-Service Elevation Request.

  1. Check your email for the self-service notification, containing information on the user, the request, and the client’s computer.
  2. Accept or reject the user's request Using the Self-Service Elevation Request Processing Wizard.
  3. Inform the end user of your decision Using the Console Email Configuration screen.

Using the Self-Service Elevation Request Processing Wizard

Shortly after a user on a client computer has submitted a Self-Service Elevation Request Form, you can view and/or process it within the Self-Service Elevation Requests section of the console (provided that your environment is properly configured according to the Maximum Sleep Time setting).

You can only view data stored in the database of the server that is selected in the server configuration (Setup Tasks > Configure a Server).

When processing a self-service elevation request, you can either create a rule to elevate privileges for the process or deny the request. You can then email your decision to the user using the Console Email Configuration screen.

To view or process self-service elevation requests:

  1. Open the Self-Service Elevation Requests section from the navigation pane of the console. The requests will be displayed in the window to the right.
  1. Click the Display requests button to list the self-service elevation requests submitted by users, based on the default filter settings shown in the Applied Filters section on the top of the screen.
  1. Select a request in the Self-Service Elevation Requests grid below. Use the grid's column headers to sort the requests.

By default, you'll see:

  1. Requests to elevate any type of applications;
  2. Requests sent during the last 30 days; and
  3. Requests that have never been processed with the Process request button from the current section.
  1. Use the Applied Filters wizard to modify the list. You can create multiple shared filter sets and save settings that other administrators can use. For more information, see Using the Applied Filters Wizard.
  2. Select a record and then click the Process request button to open the Self-Service Elevation Request Processing Wizard.
  3. On the first tab of the wizard, view the details for a process that failed to start, as well as the reason for requesting elevation privileges. Click Next.

  4. Select whether you want to create a rule to elevate the privileges for this process or deny the request.

    1. If you approve the request, the Create Rule wizard will display to create a rule for the requested process. By default, the rule will be created for a specific user at a specific computer, and the Administrators group (stored within the BUILTIN\Administrators Active Directory OU) will be added to the rule. Use the Validation Logic tab to modify this setting.

    1. Once a request has been processed and a rule has been created for it or it has been denied, the Processed Action column will display a rule created or ignored value.
    2. To view ignored requests or requests for which the rules were created, change the Process Date of Item filter on the Applied Filters Wizard from "None: Item has not been processed" to the corresponding Date Range.
  5. Select whether or not to email your decision to the user. This feature requires that you set up the Console Email Configuration settings.

  6. Click Finish to save.
  7. The rule created from the request will be added to the selected GPO with a default name.
  8. Select Export to export the list of requests presented on the grid. The list will be saved as an .xls file.

After the rule has been created:

  1. The rule will be added to the target GPO of the Group Policy Settings section; and
  2. The rule will apply after the GPO settings are updated on the client computer.

Using the Console Email Configuration screen

If you would like an email message to be sent to the user when you have approved or denied their self-service elevation request, you can configure the settings using the Console Email Configuration screen found under Setup Tasks.

To configure the server to send your self-service elevation request approval or refusal:

  1. Select Console Email Configuration from the Setup Tasks section.

  1. Fill in the following fields:

    1. Host Name: Enter the SMTP Server name of the email account from which you are going to send your emails.
    2. SMTP Port: Enter the port number.
    3. SMTP User Name and Password: If necessary, enter the authentication information and check the SSL checkbox.
    4. From Email: Enter the corresponding email.
  2. Click Send Test Email to send an email to the account specified within the From Email field.

    1. If Privilege Manager succeeds in sending the email, the corresponding message will display.
    2. Log into an email program with the corresponding account and locate the sent email with Privilege Manager Test Email in the subject.
  3. Click OK to save the settings and quit.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating