Getting Administrative Privileges with Privilege Manager


IT are introducing an improved way of enabling academics and researchers to obtain Administrator level (elevated) privileges to update software. This is called Privileged Access Management (PAM). 

What is happening?

The University of Leeds is currently deploying a programme called Delinea Privilege Manager to all the Windows and Mac computers it manages. This solution will let you run an application on an elevated (i.e. administrator) basis as/when required.  

You do not need to do anything to obtain the Delinea software, it will be automatically installed on all University-managed computers. 

Why are we doing this?  

This is to make administrative privileges simpler to use, quicker to obtain, and to reduce bottlenecks. 

Previously, academic and research staff wishing to install/update software would either need to request support from IT, which can involve a significant delay, or request full administrative privileges to their computer, which entails security risks. 

PAM transforms and simplifies the process of obtaining permissions by allowing applications to run on an elevated (i.e. administrator) basis. 

Academic Researchers are being granted the ability to “Self Elevate” programmes, even if they do not have administrative privileges. In practice, this means Academic Researchers will be able to install and update programmes, as well as run them on an elevated basis, without needing an administrator account. 

How does it work? 

PAM works by installing a small programme on each computer, called an “agent.” The agent is controlled centrally by the IT Security Team, which can distribute policies to the computer it is installed on. The policies allow programmes and processes to run on an elevated basis. 

In the case of self-elevation, the policy enables users to make that decision. 

In order to self-elevate a programme or process, simply right click the icon of the programme or process you wish to elevate in the file explorer or desktop (N.B. this will not work if you click on the item from the start menu) and then select “Request Run As Administrator.” You will see a popup window asking for a reason you are running the programme or process elevated, and a field for your normal account password. 

When you enter this information, the programme will run elevated. You do not need to wait for permission. 

How are we doing it? 

PAM is being phased in as follows: 

We’ll keep this article updated with the latest information and let you know them via the University’s all staff enewsletter.  

What if I already have local administrator privileges? 

You can expect to be contacted by the team deploying Privilege Manager in order to check if you still need these privileges. If you do still need them, then no action will be taken at this time. If you no longer need these privileges, then they will be removed. 

If you are not an academic researcher, then no action will be taken at this time. 

What if I still need administrator privileges?  

The Administrative Privileges ("Admin Rights") request process will remain in place and new applications for administrator privileges will be considered. However, it is expected that fewer users will require them because they will be able to self-elevate programmes and processes via Delinea. 

PAM service development 

IT Security will be identifying appropriate methods to develop and improve the service in the future. 

Just because an application is allowed to run elevated by Privilege Manager, that does not necessarily mean it is supported by the University. Please exercise appropriate caution when using this tool. 

If you have any questions, please don’t hesitate to contact r.quinn@leeds.ac.uk.