→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
msteinblock
Engaged Sweeper
Looking for some ideas on how best to work with lansweeper action permissions. Best practice says we are not to use our PCs as administrator, yet to use lansweeper effectively we need those admin permissions. This has been a mild issue until now as it has just been me using it consistantly. Now with the onset of the new helpdesk, I see the rest of my team using it as a daily resource. I don't necessarily want to give them admin rights. Right now they just change users for the few times they need it. I am looking for a way to keep them as non-admins but change the way lansweeper actions work so they can reset passwords and vnc in to other machines. Anyone else run into any of these issues and how did you resolve it in lansweeper?

Thanks!

Matthew
1 ACCEPTED SOLUTION
Susan_A
Lansweeper Alumni
Asset actions are always run in the security context of the user initiating the action. If an action requires administrative privileges on the target machine, the user clicking the action must have those privileges. You cannot run actions under scanning credentials instead, if this is what you're asking. This feature is on our customer wish list, but we do not have a release date for it.

To run an action under a different user, you'll either need to:
  • Run your browser under that user, by Shift + right-clicking on your browser shortcut.
  • Add runas to your action command under Configuration\Asset Pages. More information on this can be found here.

For some operations, like shutting down a computer for instance, you could use a deployment package instead of an asset action. Deployments are run on the target machine itself, under the machine's scanning credential, its system account or its currently logged on user, depending on which run mode you choose. More info on deployments can be found here.

View solution in original post

1 REPLY 1
Susan_A
Lansweeper Alumni
Asset actions are always run in the security context of the user initiating the action. If an action requires administrative privileges on the target machine, the user clicking the action must have those privileges. You cannot run actions under scanning credentials instead, if this is what you're asking. This feature is on our customer wish list, but we do not have a release date for it.

To run an action under a different user, you'll either need to:
  • Run your browser under that user, by Shift + right-clicking on your browser shortcut.
  • Add runas to your action command under Configuration\Asset Pages. More information on this can be found here.

For some operations, like shutting down a computer for instance, you could use a deployment package instead of an asset action. Deployments are run on the target machine itself, under the machine's scanning credential, its system account or its currently logged on user, depending on which run mode you choose. More info on deployments can be found here.