Local Admin Provisioning
Secure & streamline the process of assigning local admin rights
Aside from the typical control perimeter of an IAM solution, there are (tens of) thousands of computers that fall into a “grey zone” and follow different rules and processes. For various valid reasons, staff sometimes require, permanent or temporary 'Local Administrator privileges' on a single machine or even a group of machines.
In most cases, managing Local Admin privileges for Windows machines is performed through parallel request/approve/implement processes, bypassing well designed & controlled IAM processes. Resulting in higher security risk and chances of human error, higher workloads and worst case: potential oversharing of admin credentials.
extend the reach of IDM to every Windows computer in your AD domain
Local Admin Provisioning integrates the local admin rights of every domain-joined computer into the role catalogue
As such, requesting/approving and revoking the Local Admin privilege on any such computer becomes a standard feature available through the NetIQ IDM self-service portal, and comes with all associated benefits like reporting, access review campaigns (through NetIQ Identity Governance) ,…
Local Admin Provisioning sits side-by-side with your AD Group Policy Objects (GPO), complementing them with the possibility to have granular control, through standard IAM processes, over individual members of any domain-joined computer’s local “Administrators” group.