Privilege Manager Legacy provides different ways for activating temporary access on a client. This documents describes activation types and lists common benefits and limitations of each type. By default, only the Credential provider activation types are usable on clients because in these types, the user can handle the whole activation process in the Windows login window or UAC (User Account Control) window.
Activation type
User interface
Benefits
Limitations
Legacy request password (disabled by default)
Recast Agent icon in Windows notification area
User gets local user account and password so user can use login to computer and use Run as Administrator functionality without Carillon credential provider
Service Desk can select how long time user can use the user account/password combination
Works offline
Works in Windows XP and older
Local account used so no access to other devices on network
User need to use Request activation code functionality (disabled by default) or contact Service Desk to get activation code
Password hard to remember (random generated password) and Windows 10 does not allow copy/paste in UAC window
Use activation code
Credential provider in login screen and/or UAC window
Service Desk can select how long time same activation code can be used
Works in offline
Local account used so no access to other devices on network
User need to use Request activation code functionality (disabled by default) or contact Service Desk to get activation code
Activation code (20 characters) must be typed in Windows 10 UAC window (copy/paste does not work when UAC in Secure Desktop)
Run with local account
Credential provider in UAC window
User can perform without contacting Service Desk by typing reason
Local account used so no access to other devices on network
Alternative credentials can be used when logged on user does not have permissions to use this activation type
Privilege Manager administrator can configure who and where this can be used (for example all users on their primary devices)
Requires connection to Privilege Manager server
Run with domain account
Credential provider in UAC window
User can perform without contacting Service Desk by typing reason
Network resources can be accessed (because using domain account)
Privilege Manager administrator can configure who and where this can be used (for example Service Desk users on workstations)
Requires connection to Privilege Manager server
Requires connection to On-Premises domain controller or used account must exist in cached credentials