Automatic account downgrade

Automatically remove admin rights from computer accounts.

Overview

With idemeum you can automatically downgrade local admin accounts on workstations. When this feature is enabled at the customer tenant level, idemeum desktop agent will enumerate all local admin accounts on workstation and downgrade the ones that are not on the exclusion list.

Configuration

Access admin portal for any customer tenant
Navigate to Settings → PAM
Enable Enable auto downgrade in the Account discovery and management section
Optionally specify the accounts that you want to exclude from downgrading. You can specify multiple accounts
Save the configuration

Idemeum desktop agent will periodically check the local admin accounts on each workstation, and will downgrade the ones that are not on the exclusion list.

Quick-start guides

Core features

Desktop agent

JIT Computer Access

JIT Entra ID Access

Cloud LAPS

Endpoint Privilege Management

Multi-tenant MSP portal

RFID Single Sign-On

Security

Support

Knowledgebase

Legal

Automatic account downgrade

Overview

Configuration

On this page