Activation codes allow users to activate a temporary local user account on their computers for a specified duration. Activation codes are created by service desk personnel and the activation code itself will be entered to the Privilege Manager Client by the user requesting the temporary local user account or on Windows 7 (and newer) computers the activation code can be entered when the operating system prompts for credentials. Also on Windows 7 (and newer), computers users can login to computer using an activation code. This is done by the Privilege Manager Client credential provider.
Temporary local user accounts must be created first for the Privilege Manager Clients before the activation codes can be created. Therefore Privilege Manager Clients must connect to the Agent Gateway to receive management rules before activation codes can be created.
Activation codes use time stamps for verifying validity, so the clock of the server running the portal ASP.NET application and the clock of the user's computer must be in sync. By default, the time difference can be +/- 5 minutes but this can be adjusted by the Privilege Manager Client configuration.
When a temporary user account validity time expires, the password of the temporary local user account is automatically changed by the Privilege Manager Client. If a temporary local user account is logged on to the computer when the validity time expires, the temporary local user account is not automatically logged off from the computer. Therefore, the temporary local user account is valid until the validity time is expired and the temporary local user account is logged off from the computer.
- Select domain
Select the users computer domain from the dropdown list. If the computer is in a workgroup, select the 'WORKGROUP' option. Actual workgroup name on the Privilege Manager Client computer is irrelevant.
- Specify computer name
Specify users computer name. Use NETBIOS computer name. User can check the computer name with hostname command line command. You can use * -character in front or the end of the search value. Click search image to perform search and if multiple computers returned by the search then select computer from the dropdown.
- Search accounts
Click the 'Find temporary user accounts' button to search available temporary local user accounts for the specified computer. If a temporary local user account is not available for the computer, you are not able to provide an activation code for the user and therefore temporary local user accounts can't be activated. The most common reasons why activation codes cannot be created for specified computer are:
- Managed user rules are not created or targeted to specified computer
- Computer has not yet contacted the Agent Gateway
- Select account
Select a local temporary user account that will be activated for the user. There can be several local user accounts available for the specified computer so make sure that you select the correct one. All temporary local user accounts can have different permissions on the specified computer based on management rules effective on the specified computer.
- Account validity
Select the temporary local user account validity time. The user who performs the activation on the target computer can use the temporary local user until the validity time has passed. Temporary account validity time starts when the user activates the temporary local user account on the computer.
When an activation code is used on Windows 7 (and newer) with the Privilege Manager Client credential provider, the user does not see any user account or password information. In case of the Privilege Manager Client credential provider, the requested action is automatically performed with the temporary user account. Therefore, temporary account validity time does not affect the Privilege Manager Client credential provider activations, use the activation code validity time to specify how much time the activation code can be used for on the target computer.
- Specify reason
Specify the reason why a user requires the temporary local user account activation. The reason can be selected from the dropdown list or a custom reason can be typed to the combo box. Use predefined reasons when applicable to make reporting more efficient!
- Create activation code
Generate an activation code for the specified computer. A new window will be opened where you can see the generated activation code:
If you spell the activation code for the user over the phone, spell the code in five parts (shown in own rows with spelling alphabets). You can also copy the activation code to clipboard if you sent the activation code via email. User can type characters in lower or upper case.