Privilege Elevation

Powerful Tools Automate Privilege Creation and Assignment

Centrify makes privilege creation and assignment easy by giving you a wide range of tools to automate tasks.

Application Rights Builder

The Application Rights Builder makes setting up application privileges easy for Windows administrators. You simply select an application or a running process to which your user(s) need access and the Builder figures out all of the privilege dependencies needed to run that application — including file paths and command arguments. Match criteria values can be edited at any time and you can make any set of application privileges a template for the creation of rights across servers.

Centrify's solution provides pre-defined application rights for 18 consoles, for a total of 28 pre-defined rights for managing Windows Server. These pre-defined rights make it easy to get started with privilege management for your Windows servers; for example, you can quickly grant your admins the right to manage Windows services without having to give them local administrator accounts.  

Sudo Migration

Centrify's sudo migration wizard helps you to easily migrate your local sudoers files to a centralized authorization model in Active Directory that's integrated with identity and auditing policy. This allows you to move from local to centralized authorization, simplifying enforcement of roles and privileges and eliminating local file management and the need for distributed file synchronization.

The sudo migration wizard retrieves sudoers files and stages that information within a Centrify Zone. The import wizard allows you to: 

  • Create or leverage existing Active Directory groups that map to the sudoers file user alias
  • Create computer roles to match the scope defined within the sudoers file host alias
  • Create Centrify rights
  • Create Centrify privileged commands from the sudoers file command alias
  • Augment privileged commands for the UID to run as based on the sudoers file run as alias

PowerShell cmdlets

Centrify's solution includes the Centrify Access Module for PowerShell, which consists of the following: 

  • Application programming interfaces in the form of PowerShell command-line programs, or cmdlets, that are packaged in dynamic link libraries (.DLLs)
  • A PowerShell help file that includes complete cmdlet reference information and a scripting guide
  • Sample scripts to illustrate administrative tasks
  • On Windows computers, you can use the Centrify Management Access Module for Windows PowerShell to develop your own custom scripts that access, create, or modify Centrify-specific data in Active Directory. You can also create custom report scripts using cmdlets specifically designed to query Centrify data.