December 27, 2023
— Nik Pot
Elevated access to computers
Automatic admin account creation
In the previous model, you had to create local admin accounts manually, and when the desktop client was installed, you were required to specify a local admin account for each workstation.
Now we automatically create shared local admin accounts when technicians access customer workstations. We also automatically disable these accounts and rotate their passwords when technicians log out. This reduces the attack surface, because local admin accounts are enabled only when necessary.
To make this new model possible, we have released the new desktop client, updated our cloud service, and released new iOS and Android mobile applications. Please make sure you update to the latest software to try the new features.
Updated quick-start guide
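To check the disable-and-rotate behaviour described above on a workstation, the following PowerShell audit lists every local user in the built-in Administrators group with its enabled state and password age. It is an added example, not idemeum code: it uses only the standard Microsoft.PowerShell.LocalAccounts cmdlets, it does not assume the name of the shared account, and the 30-day threshold is an assumption chosen for illustration.

```powershell
# Added example: audit local accounts in the built-in Administrators group.
# Run in an elevated Windows PowerShell session while no technician is logged in.
# Assumption: $MaxPasswordAgeDays is an illustrative threshold, not a product setting.
param(
    [int]$MaxPasswordAgeDays = 30
)

$adminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$now       = Get-Date

$report = Get-LocalGroupMember -SID $adminsSid |
    # Keep local user accounts only; domain accounts and groups are out of scope here.
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
    ForEach-Object {
        $user = Get-LocalUser -SID $_.SID

        # PasswordLastSet is empty when a password has never been set.
        $ageDays = $null
        if ($user.PasswordLastSet) {
            $ageDays = [math]::Floor(($now - $user.PasswordLastSet).TotalDays)
        }

        # An enabled local admin outside a technician session is the main finding;
        # a stale password means rotation did not happen at the last logout.
        $finding = 'ok'
        if ($user.Enabled) {
            $finding = 'enabled while no technician session is expected'
        } elseif ($null -eq $ageDays -or $ageDays -gt $MaxPasswordAgeDays) {
            $finding = 'disabled, but password not rotated recently'
        }

        [pscustomobject]@{
            Name            = $user.Name
            Enabled         = $user.Enabled
            PasswordLastSet = $user.PasswordLastSet
            PasswordAgeDays = $ageDays
            LastLogon       = $user.LastLogon
            Finding         = $finding
        }
    }

$report | Sort-Object Finding, Name | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or RMM job alert on any finding.
if ($report | Where-Object { $_.Finding -ne 'ok' }) { exit 1 }
```

Accounts that are intentionally kept enabled will also be reported and need to be reviewed or excluded by the operator.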
Assign domain shared account for elevated access
While we automatically create, enable, and disable local admin accounts, we have heard from you that sometimes it might be beneficial to leverage existing domain accounts for elevated access (for domain-joined workstations).
For this purpose, you can override automatic local admin account creation with a domain account of your choosing. For example, if I have a domain-joined Windows workstation and I want my technicians to log in to this workstation with an existing domain account, I can configure that.
Ability to disable native Windows login
We now allow you to disable native Windows login with username / password so that idemeum login is enforced. For example, if you set up idemeum Passwordless MFA for local workstations, you can now disable the native login so that login with a mobile device is enforced.
Windows Desktop Client 1.2.5
- Support for automatic account creation for elevated access
- Ability to automatically enable and disable local admin shared accounts
- Ability to manually assign shared domain admin account for elevated access