Background
Make Me Admin is a Just-in-Time (JIT) elevation tool for Windows devices that allows a user to request administrative rights for a period of time. Make Me Admin significantly reduces security risk by avoiding persisting admin rights even when the user does not need them while still providing a simple interface for requesting them when they do.
Usage
How to Elevate to Admin
- Confirm Make Me Admin is installed on your current device. It should be available from the Start Menu as shown
- Open Make Me Admin and select "Grant me Administrative Rights"
- Select one of the Reasons from the dropdown menu. For example:
- Click Ok and you should receive a notification that you have been elevated
Troubleshooting and Common Issues
Make Me Admin is not installed
Make Me Admin should be installed and available to every LSA Managed device through Software Center. If Software Center is unavailable for whatever reason, LSA TS Desktop Support staff may obtain a copy of the Make Me Admin installer from the WLMSToolkit at \\umroot\lsa\SCCM\WLMSToolkit\Make Me Admin along with the Default Configuration script. The LAPS account may be used to install the application along with running the default configuration script.
Make Me Admin says "You are not authorized to use this application"
The device does not think the current user account is a member of any groups authorized to obtain admin access.
- Confirm the currently logged in account is expected to be an admin account. You may check the Start Menu or use the command
whoami from a command prompt if it is unclear which user is currently logged in.
- Verify the device is in the expected location within Active Directory and that the account is in one of the groups granting administrative access
- Refresh Group Policy to ensure the device has the latest policy from Active Directory
If the device is still unable to obtain administrative access, an LSA TS Desktop Support member should contact the Infrastructure team and use the LAPS account to elevate and resolve the problem.