Stop giving users persistent admin access. ElevateGuard lets users request elevation via right-click — IT approves or denies in real-time. Full audit trail, zero standing privileges.
Install the lightweight ElevateGuard agent on your Windows endpoints. Integrates with the credential provider for seamless UAC flow. Takes under a minute.
Demote users from local administrators. ElevateGuard handles the rest — users never need standing admin access again.
When users need to run something as admin, they right-click and choose "Request Elevation." The request is sent to your IT team instantly via MQTT.
IT admins approve or deny requests in real-time from the web console. Set up auto-approve rules by application hash, publisher, path, or name to skip the queue for trusted apps.
Users request admin access from the Windows context menu. No calls to the help desk, no shared admin passwords, no waiting for remote sessions.
Elevation requests appear instantly in the web console via MQTT. Approve or deny with one click — the user sees the result in seconds.
Create rules based on application hash, publisher certificate, file path, or executable name. Trusted apps elevate silently without IT involvement.
Every elevation request, approval, denial, and auto-approve event is logged. Who requested what, when, and who approved it. Export anytime.
Deploy in learning mode first to capture all UAC events across your fleet. See what users actually need admin for before enforcing policies.
Hooks directly into the Windows UAC flow via a custom credential provider. Seamless experience — no workarounds, no hacks, no shell replacements.
Manage multiple companies from one console. Per-company policies, auto-approve rules, and audit logs. Built for MSPs from day one.
All communication between agents and console happens over MQTT. Instant request delivery, instant response. No polling, no delays.
Start with a 14-day free trial. No credit card required. Full access to all features.
ElevateGuard currently supports Windows 10 and Windows 11. The agent runs as a lightweight service and integrates with the Windows UAC credential provider.
The agent adds a "Request Elevation" option to the Windows context menu. When a user selects it, the request (including the application name, hash, publisher, and path) is sent to the ElevateGuard console via MQTT. IT admins can approve or deny in real-time, and the application launches with elevated privileges.
Learning mode captures all UAC elevation events on your endpoints without blocking anything. This lets you see exactly what applications users are running as admin before you remove their admin rights. Use the data to build auto-approve rules so the transition is seamless.
You can create rules that automatically approve elevation requests based on the application's file hash, publisher certificate, file path, or executable name. When a request matches a rule, it's approved instantly — no IT intervention needed. Great for trusted installers, signed vendor tools, and known-good applications.
Absolutely. ElevateGuard supports multi-tenant management from a single console. Each company gets its own endpoints, policies, auto-approve rules, and audit logs.
Yes, every plan includes a 14-day free trial with full access. No credit card required.
Requests remain pending until approved or denied. You can configure a timeout policy to auto-deny requests that aren't acted on within a set time. Users can also cancel and resubmit requests.
No — ElevateGuard and LAPS solve different problems. LAPS rotates local admin passwords. ElevateGuard removes the need for users to have admin rights at all. They complement each other well. For local admin password management, check out CredGuard.