EPM for Windows
In this post we describe in detail how EPM functions on a Windows workstation.
EPM offline mode - Windows
When the idemeum desktop agent is installed on Windows and the elevation mode is set to offline, the idemeum desktop agent does not capture elevation events, does not apply any rules and does not change any default Windows behavior.
EPM audit mode - Windows
Audit mode works for any user privilege - standard and admin users.
- Capture all UAC events and upload to idemeum cloud
- User is presented with native Windows UAC authentication
- Rules are not applied
- Turn on UAC prompt for admin users
- Turn on UAC to max level for all users
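
To confirm on an endpoint that UAC is at the level audit mode expects, the following PowerShell check can be run locally. It is an added example, not idemeum's own code, and it assumes that "max level" means the Windows "Always notify" UAC setting, which it reads from the standard UAC policy values in the registry.

```powershell
# Added example (not idemeum code): report the effective UAC level on this machine.
# Assumption: "max level" on this page corresponds to the "Always notify" slider position.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicy {
    param([string]$Path = $UacKey)
    $p = Get-ItemProperty -Path $Path
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA                   # 1 = UAC enabled
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin  # prompt behavior for admins
        ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser   # prompt behavior for standard users
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop       # 1 = prompt on secure desktop
    }
}

function Get-UacLevel {
    param($Policy)
    # A missing or non-1 EnableLUA value is reported as disabled.
    if ($Policy.EnableLUA -ne 1) { return 'UAC disabled or not set' }
    # Slider positions are defined by the admin prompt behavior plus the secure desktop flag.
    switch ("$($Policy.ConsentPromptBehaviorAdmin)/$($Policy.PromptOnSecureDesktop)") {
        '2/1'   { 'Always notify' }
        '5/1'   { 'Notify on app changes (Windows default)' }
        '5/0'   { 'Notify on app changes, no secure desktop' }
        '0/0'   { 'Never notify' }
        default { "Custom ($_)" }
    }
}

$policy   = Get-UacPolicy
$level    = Get-UacLevel -Policy $policy
$findings = @()

if ($level -ne 'Always notify') {
    $findings += "Admin prompt level is '$level', expected 'Always notify'"
}
# 0 = elevation requests from standard users are denied without any prompt,
# so the native UAC authentication described above would never appear.
if ($policy.ConsentPromptBehaviorUser -eq 0) {
    $findings += 'Standard users: elevation requests are auto-denied, no UAC prompt is shown'
}

$policy | Format-List
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'UAC is at the maximum level for admin and standard users'
}
```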
EPM rule mode - Windows
The table below represents how EPM behaves depending on what user is logged in to the workstation - standard, admin, MSP, or LAPS.
| | OS protected menus | App with no admin elevation | App with admin elevation |
|---|---|---|---|
| Standard user | Request | - | Request |
| Admin user | Request | - | Request |
| MSP tech | Auto approved | - | Auto approved |
| LAPS account | Auto approved | - | Auto approved |
| Offline mode | Native UAC auth | - | Native UAC auth |