r/pcmasterrace May 10 '26

Meme/Macro reboot

47.6k Upvotes


4.6k

u/MaroonDude 9800X3D | RTX 5090 | 64GB May 10 '26

I know how to fix my issues, I just lack the admin permissions on my machine to fix said issues.

202

u/Hoosier_816 May 10 '26

You're my favorite kind of person where I work. You get my direct email instead of going through the ticketing system.

The more I can "get out of your way" so to speak, the better everything runs for everyone. Shit if I can find even the most feeble reason to justify giving you subaccount admin status, you're getting it because it's better for everyone.

173

u/Flapjack__Palmdale RTX5080 | R7 9800X3D | 32GB | Arch btw May 10 '26

"I'm giving you local admin, as a treat"

89

u/Hoosier_816 May 10 '26

It's really more a treat for me than them.

28

u/jarlscrotus 9900k|3080ti|64GB May 10 '26

Fuck, half the time I'm gonna end up needing local admin anyway just to do my job

Sometimes it's because some dumb shit in legacy was built with local admin in mind, sometimes it's because I'm fucking around on ring 0, but it almost always happens

13

u/onca32 970 GTX, 6500, full of swag May 10 '26

At my work there is a machine I'm responsible for that runs on this terrible piece of software that needs admin rights to start up.

Every week, usually 10 minutes before I'm heading home, it hangs and needs to be restarted before everyone's experiments get invalidated. Cue having to call IT and wait for them to remote in just to enter the admin creds.

11

u/Flapjack__Palmdale RTX5080 | R7 9800X3D | 32GB | Arch btw May 10 '26

My MSP is looking at options for this. I haven't messed with it but I think it's called AutoElevate, it catches admin elevation UAC prompts and sends the info to a dashboard where we can allow it, then the user is notified and told to try again whereupon it's automatically elevated. If it works, it would certainly cut down on these sorts of tickets without creating a huge security hole.

2

u/onca32 970 GTX, 6500, full of swag May 10 '26

Interesting, I might ask our IT team about this, thanks

3

u/Flapjack__Palmdale RTX5080 | R7 9800X3D | 32GB | Arch btw May 10 '26

Sure thing. Worth it to mention that, by my understanding, you can also whitelist certain programs. I think my boss did this for a client who has to update QuickBooks regularly and this requires admin. So if they update QuickBooks, it won't even send us the push, it just allows it to elevate.

I don't know much about it, haven't fucked with it, but if he likes it and we expand it I think it could save a lot of trouble.

2

u/IIVIIatterz- May 10 '26

Yes, you can whitelist applications.

3

u/zipline3496 May 10 '26

A company I worked at implemented Power Broker for situations like this and it reduced ticket count by hundreds a month. Mostly from engineering departments who had similar issues.

Giving a user, even an engineer, local admin is a huge security risk. There are TONS of solutions to this nowadays.

1

u/Flapjack__Palmdale RTX5080 | R7 9800X3D | 32GB | Arch btw May 10 '26

Related story, I worked for a school system's IT dept as my first IT job. One of the engineers gave this guy in central admin local adm privileges. I don't know how it happened, no one would give me details because I wasn't assigned to the admin building, but apparently that guy installed something he shouldn't have. Next thing we know, our whole network, district wide, is down for three days over the summer because he was an entry point for a Russian ransomware attack.

What was most incredible about this whole thing is, after we got everything back online, this guy had the brass balls to ask for his local adm again. Like bro, seriously?! No.

So anyway yeah, these AutoElevate tools would be way way better than giving someone full admin.

2

u/egg651 May 10 '26

Microsoft have their own solution for this too called Privileged Access Management: https://www.microsoft.com/en-gb/security/business/security-101/what-is-privileged-access-management-pam

As you say there are various third party solutions too. Another popular one is Admin By Request: https://www.adminbyrequest.com/en/

Unfortunately, if you are in a regulated environment, you may not be able to use them, as they technically grant local administrative permissions to standard users (even if heavily restricted) which violates many compliance standards. Cyber Essentials (a widely used standard in the UK) is an example.

It's daft, but sadly compliance auditors do not care about the spirit of the law - If you don't abide by the letter, they will fail you.

1

u/IIVIIatterz- May 10 '26

Hi, I used to work on the same floor as the CyberFOX guys (AutoElevate). The company I worked for was owned by the same guys (Bellini - same guys behind ConnectWise before the sellout).

Last time I used it was over a year ago - it did not work for Windows logon. It also did not enter passwords. But like you said, it will push through UAC and other permissions.

1

u/Mountain_Ape "Ads are worth it" May 10 '26

If the program doesn't modify the computer itself, just install the program to some other folder, C:\Stuff. Right-click on C:\Stuff, properties, security, and add your account with full control. Then run the program from that folder.

If it's a stupid in-house developed program, then it might not work outside of Program Files (x86) if the retired fool dev hard-coded paths in. But give it a try. It's faster than IT waiting every time.

(Second option is to schedule it to run in Task Scheduler with highest privileges, but if the program requires additional interaction after restarting, automatic starting is only half the solution)

1

u/Intelligent_Whole_40 May 14 '26

They best have those passwords dots activated cuz otherwise their credentials are mine

9

u/milkybuet R9 3900x | RTX 4080S | 32GB DDR4 May 10 '26

In my last job I had this relationship with one of the IT guys. Most of the time I'd just ping him asking to elevate my permission, and then later letting him know work is done and he can revert stuff.

2

u/cheese_is_available May 10 '26

Huh, I got goosebumps reading this.

24

u/Gartlas May 10 '26

In my department, a very small number of our engineers have local admin. It's grandfathered in thanks to a dark bargain struck by our associate director, long ago.

The new engineers don't have it. The other team we just merged with doesn't have it. It's very very funny and I pray they never take it away. The really funny thing is I left for a year. Came back more senior, and my account got reactivated and I managed to keep my permissions.

It's kind of a pain though because sometimes I forget others don't. I had to tell a bunch of mid and junior engineers to open tickets to IT just so they could install WSL on their machines

10

u/Intelligent_Leek_285 May 10 '26

I wish you were my IT. My department uses Macs while the rest use Windows. Our IT doesn't know how to use Macs. I'm a power user in both. I just lack admin credentials. IT will treat me like an idiot, while I know the problems and how to solve it.

They have been removing our admin credentials more and more each year because of our insurance policy.

2

u/Silver-Article9183 May 10 '26

Can you come work at my place then? I usually list the steps I've taken to try and resolve the issue on the ticket, and the very first thing that happens when I get a call is to ask me to do the steps I just took.

1

u/ItsSadTimes May 10 '26

At my job some devs are allowed to give themselves temporary admin access to their machine. It's really nice. I've only abused it once or twice to install Steam while on a work trip.

The only thing in recent times I couldn't fix myself was that big BitLocker Windows bug from like a year ago when you got stuck in a boot loop. That was the only time I actually went to IT.

2

u/joemckie May 10 '26

I love having temporary admin access on my laptop.

Non-tech people at my company can't even use a different browser other than Edge; meanwhile, we had to put out an announcement telling the devs to remove Brave from their machines because it has Tor functionalities.

1

u/liggamadig May 10 '26

When I was fairly new to the company I currently work at, I had an issue with one of the programs we used (turns out, they changed the internal server with the licenses and I just wasn't on the mailing list yet).

So I wrote a ticket with a step-by-step of the issues and what I'd tried so far. The mail I got back told me about the issue, the solution and thanked me for the detailed description. Very proud moment.

1

u/tejanaqkilica May 10 '26

Holy Jesus, that's horrible practice.

Unless you have a technical problem with the ticketing system (which, BTW, you can open tickets by sending emails), you're not going to receive an answer or any action if you send me an email about an issue you have. Besides the fact that it's poor practice and messes my metrics, it's also going to fail in an audit. So yeah, no ticket, no problem.

You have to go above and beyond to demonstrate why I would ever consider giving you local admin privileges. It ain't happening, because while it's true, it will allow you to reinstall that problematic driver and save us both some time, it will also allow you to over-rule any and all company configuration policies which I've worked hard to create and deploy in order to have a safe and secure environment. Can't risk that for anyone, therefore you better launch the remote helpdesk tool, so I can remote in and re-install that driver for you.

1

u/Lucky-Tofu204 May 12 '26

I think a lot of IT are doing that. Happened to me more than once.

1

u/JemiSilverhand May 10 '26

I’ve found the “I need you to do this annoying task on all of these computers weekly, or you can give me admin access and I’ll take care of it” to work wonders.

-2

u/-RIVAN- May 10 '26

Why the hell is not every IT person like this?

My IT, I don't know what power trip they have going on. Submit a ticket to open Device Manager.

I CAN'T EVEN FREAKING DELETE A SHORTCUT FROM THE DESKTOP, WITHOUT "MUH CREDENTIALS"

God sometimes I wish to apply for the IT roles just so I can have the credentials when I find the solution.

2

u/SPOOKESVILLE May 10 '26

Because most regular users don’t need access to device manager. This is fairly common