Endpoint Privilege Management

EPM for Windows

This post describes in detail how EPM functions on a Windows workstation.

EPM offline mode - Windows

When the idemeum desktop agent is installed on Windows and the elevation mode is set to offline, the agent does not capture elevation events, does not apply any rules, and does not change any default Windows behavior.

EPM audit mode - Windows

Audit mode works for any user privilege level, standard and admin users alike.

  • Capture all UAC events and upload them to the idemeum cloud
  • The user is presented with the native Windows UAC authentication prompt
  • Rules are not applied
  • Turn on the UAC prompt for admin users
  • Turn UAC up to its maximum level for all users
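To verify the two UAC settings that the audit-mode list says are turned on, the following PowerShell reads the standard Windows UAC policy values and reports the effective state. This is an added example, not idemeum's code; it assumes the standard policy key under HKLM and the documented meanings of the ConsentPromptBehavior values.

```powershell
# Added example (not idemeum's code): read the Windows UAC policy values and
# report whether admins get a prompt and whether UAC is at its maximum level.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p = Get-ItemProperty -Path $key

# Values Windows applies when a name is absent from the key.
$enableLua  = if ($null -ne $p.EnableLUA) { $p.EnableLUA } else { 1 }
$adminMode  = if ($null -ne $p.ConsentPromptBehaviorAdmin) { $p.ConsentPromptBehaviorAdmin } else { 5 }
$userMode   = if ($null -ne $p.ConsentPromptBehaviorUser) { $p.ConsentPromptBehaviorUser } else { 3 }
$secureDesk = if ($null -ne $p.PromptOnSecureDesktop) { $p.PromptOnSecureDesktop } else { 1 }

# Documented meanings of ConsentPromptBehaviorAdmin
$adminLabels = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (default)'
}
# Documented meanings of ConsentPromptBehaviorUser
$userLabels = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials (default)'
}

# "UAC prompt for admin users": any admin mode other than 0 prompts admins.
$adminsPrompted = ($enableLua -eq 1) -and ($adminMode -ne 0)

# "UAC at max level": the "Always notify" slider position corresponds to
# EnableLUA = 1, ConsentPromptBehaviorAdmin = 2 and PromptOnSecureDesktop = 1.
$alwaysNotify = ($enableLua -eq 1) -and ($adminMode -eq 2) -and ($secureDesk -eq 1)

[pscustomobject]@{
    UacEnabled         = ($enableLua -eq 1)
    AdminPrompt        = $adminLabels[[int]$adminMode]
    StandardUserPrompt = $userLabels[[int]$userMode]
    SecureDesktop      = ($secureDesk -eq 1)
    AdminsPrompted     = $adminsPrompted
    AlwaysNotify       = $alwaysNotify
} | Format-List
```

Run it before and after switching the agent into audit mode to confirm that AdminsPrompted and AlwaysNotify both change to True.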

EPM rule mode - Windows

The table below shows how EPM behaves depending on which user is logged in to the workstation: standard, admin, MSP, or LAPS.

User / mode      OS protected menus   App with no admin elevation   App with admin elevation
Standard user    Request              -                             Request
Admin user       Request              -                             Request
MSP tech         Auto approved        -                             Auto approved
LAPS account     Auto approved        -                             Auto approved
Offline mode     Native UAC auth      -                             Native UAC auth