Follow this link to go to the text only version of
HQ Information Technology and Communications Division
 + Notices

+ ITCD Home > Products & Services > Elevated Privileges - End Users

Elevated Privileges (EP) allow you to perform configuration changes or other advanced functions on your computer that ordinary users are not authorized to perform. Some examples are to install home printers, troubleshoot a home Internet connection, install approved software for development work, run custom programs, etc.

The granting of Elevated Privileges does not give a user unrestricted authority to change system configuration, install executable software, or to otherwise add/modify/delete existing software products.

Accessing information systems with elevated user privileges greatly increases the risks of security incidents and of unintended and/or detrimental changes to system configurations. It is considered best practice to restrict user rights in order to limit the scope and lessen the opportunity of attacks.

Types of Elevated Privileges What to Expect Assistance
Requesting Elevated Privledges

Required Training

Types of Elevated Privileges

General users are granted elevated privileges for only clearly established purposes that are approved in advance. The only user that can be assigned EP is the end-user to whom that computer is assigned.

Users requiring specialized above core software must have it approved through the HQ Triage 3 Software Approval Process in advance of installation. Changes to baseline system configurations must also be approved in advance of implementation as part of the elevated privileges request.

System Administrators and Software Developers are expected to maintain system configurations within the Agency or locally established baselines. Development of system and application changes and the baselining of new software and applications are expected to occur in development environments and/or the software engineering facilities. All changes must be approved through the Change Control Board prior to implementation on production systems.

Users granted elevated privileges who fail to follow these guidelines will have their elevated privileges terminated. Additionally, they may be subject to disciplinary action for failure to abide by appropriate use guidelines. See ITS-HBK-2810.15-02A and the NASA HQ Appropriate Use Policy for more information.

NASA Headquarters personnel may request short-term (up to 30 days) or long-term (up to 364 days) elevated privileges if required to accomplish your NASA mission.


NASA Headquarters personnel may request short-term or long-term elevated privileges if required to accomplish your NASA mission. After all approvals have been made, and it is confirmed that the required training course(s) have been completed, access is normally granted within 48 hours, depending on ACES scheduling and the specific operating system.

You must submit one NAMS request per computer for which you are requesting elevated privileges:
  1. Complete the EP training requirements outlined below.
  2. Access NAMS within the IdMAX application:
  3. From the menu on the left, click Your NAMS Requests.
  4. In the New Request text box, enter the search term “elevated” and press return.

    If you are a System Administrator seeking elevated privileges on a non-ACES server, you must submit a NAMS request using the search term "HQ Elevated Privileges for NON-ACES computers."

  5. Scroll down to and click ACES workflow for Elevated Privileges.
  6. Ensure your name is the requester
  7. Click the Sponsor tab | Ensure your sponsor is your supervisor. If necessary, search for your supervisor's name and click Select.
  8. Select the appropriate Urgency.
  9. Select the Operating System for this request | Select the EP Type.
  10. Click the box to confirm your Supervisor | Click the box to indicate you read the User Acknowledgement Statement.
  11. Select the correct user organization | Enter the Machine Name | Enter the computer tag.

    To determine your machine name:
    • Windows 7: Click the Start button | Right-click Computer and select Properties | The computer (machine) name is in the Computer Name, domain and workgroup settings section.
    • Mac OS: Open Applications | Open Utilities | Open System Information | the computer (machine) name is in the status bar at the bottom of the new window.

  12. Enter a Business Justification: Describe what you are trying to accomplish that requires elevated privileges (e.g. install home printer; troubleshoot home Internet connection, etc.). What is the impact to mission accomplishment if the request is denied? At HQ, software installation and maintenance is usually performed by the ACES or HITSS team and is generally not considered a valid business justification for approving EP.
  13. When finished, click Submit Request.

What to Expect

Windows computers must be on the HQ network or connected via VPN in order to have EP set by the ACES technician. Windows users will be notified when the request has been processed.

Macintosh users require a desk-side visit by an ACES technician.
Any message received from ESD regarding approval reflects an ESD status, not final approval of your request.

There is no notification process to alert you when the requested EP expires.


Users who request elevated privileges (EP) on their ACES-issued computer must complete the required training before access will be granted. Per NASA Directive ITS‐HBK‐2810.15‐02, Access Control: Managed Elevated Privileges (EP).

User Type
Required Course(s)
SATERN Search Term
All users granted elevated privileges Elevated privileges on NASA Information System (SATERN course ITS-002-09) elevated privileges
Users granted elevated privileges for longer than 30 days
  • Elevated Privileges on NASA Information System” (SATERN course ITS-002-09).
  • Appropriate operating system course for each operating system on which user will have elevated privileges (see table below).
elevated privileges
System Administrators
  • Elevated privileges on NASA Information System (SATERN course ITS-002-09).
  • Appropriate operating system course for each operating system on which user will have elevated privileges (see table below).
  • IT Security for System Administrators – Beginning Level (ITS‐RB1‐SA).
  • IT Security for System Administrators – Intermediate Level (ITS‐RB2‐SA)
elevated privileges

SATERN training on operating systems:

Operating System
Required Course(s)
SATERN Search Term
Windows 7 Protecting Windows 7 against Malware and Vulnerabilities (SSMW_MWET_A06_IT_ENUS) protecting windows 7
Windows XP

Backup and Security Settings in Microsoft Windows XP (SS-113758_ENG)

Windows Vista

Windows Vista Security and Performance Improvements (SS-242964_ENG)

windows vista
Mac OS X Mac OS X Security (ITS-001-09) elevated privileges
Windows Server 2008 Communications and Security in Windows Server 2008 (SS-WS_MWCD_A07_IT_ENUS) communications and security


For questions, contact Marion Meissner, Center Chief Information Security Officer, 202-358-0585.

For support, contact the Enterprise Service Desk (ESD): Submit a ticket online or call 358-HELP (4357)


Back to Products & Services

+ Freedom of Information Act
+ Budgets, Strategic Plans and Accountability Reports
+ The President's Management Agenda
+ Privacy Policy and Important Notices
+ Inspector General Hotline
+ Equal Employment Opportunity Data Posted Pursuant
to the No Fear Act

+ Information-Dissemination Priorities and Inventories
NASA - National Aeronautics and Space Administration
Content: Marion Meissner
NASA Official: Mary Shouse
Site Curator: Christopher Brunner
+ Contact ITCD