If you have a role assignment with a desktop access right, you don’t have to create a new desktop to run a local application using your administrative privileges. You can select any local application directly from your default desktop, then select a role you have been assigned without creating a new desktop or switching from one desktop to another. This is often the best solution if you only run one application using your administrative privileges or rarely need to invoke those privileges.
To run a local application using a selected role:
- Navigate to and select the application you want to run.
Right-click the executable or shortcut for the application.
If you want to open the application from the Start menu, press the Shift key when you right-click.
Select Run with Privilege.
Selecting Run with Privilege is similar to selecting standard Windows “Run as” or “Run as administrator” menu items, but does not require you to provide a password for an administrative or shared service account. Instead, you always use your own password to authenticate your identity.
If the Select Role dialog box opens, select a role from the list of available roles, then click OK.
Note: If there is only one role assigned to you that allows you to run the application, the application will automatically run using that role, and the dialog box does not open. If you would like to access the Select Role dialog box, press the Shift key when you select Run with Privilege.
Type the password for your login account if you are prompted for it, then click OK.
If your administrator has enabled privilege elevation justification, a justification dialog box appears.
Enter the following information to justify why you need to run the application with privilege:
- Ticket number: If your administrator has instructed you to enter a ticket number, do so here. (This field can be used with ticketing systems such as ServiceNow and so forth.)
- Reason: Select the reason category that best fits your situation. Your choices are:
- Software Installation
- Remote System Administration
- Local System Administration
- Windows Feature Management
- System Networking Change
- Maintenance (Shutdown, Reboot, Power Off)
- PowerShell or Other CLI
- Centrify Operation (Services, Zone Operations, etc.)
- Comment: Enter any comments about your need to run with privilege.
If your administrator has enabled multi-factor authentication, complete the additional authentication challenges after entering your password.
After you select a role, you have the rights associated with that role. The application opens with the privileges associated with a specific user account or with the members of a particular administrative group and an audit trail event is recorded in the Windows Application event log. When you close the application, you resume working with your normal account privileges and group membership.