The following information is specifically for general users.
If you are a System Administrator seeking elevated privileges on a non-ACES server, you must submit a NAMS request using the search term "HQ Elevated Privileges for NON-ACES computers."
What are Elevated Privileges?
Elevated Privileges (EP) allow you to perform configuration changes or other advanced functions on your computer that ordinary users are not authorized to perform. Examples include installing home printers, troubleshooting a home Internet connection, installing approved software for development work, running custom programs, etc.
Accessing information systems with elevated user privileges greatly increases the risk of security incidents and of unintended and/or detrimental changes to system configurations. It is considered best practice to restrict user rights in order to limit the scope of attacks and reduce the opportunity for them.
Granting Elevated Privileges
General users are only granted elevated privileges for clearly established purposes. The granting of Elevated Privileges does not give a user unrestricted authority to change system configuration, install executable software, or to otherwise add/modify/delete existing software products. The only user that can be assigned EP is the end-user to whom that computer is assigned.
How to Request Elevated Privileges
NASA Headquarters personnel may request temporary, short-term or long-term elevated privileges if required to accomplish their NASA mission. After all approvals have been made, and it is confirmed that the required training course(s) have been completed, access is normally granted within 48 hours, depending on ACES scheduling and the specific operating system.
Types of elevated privileges:
- Temporary: 24 hours
- Short-Term: Up to 30 days
- Long-Term: Up to 364 days
Step 1: Complete the EP training requirements outlined below.
Step 2: Submit a request through the NASA Access Management System (NAMS) within the Identity Management and Account Exchange (IdMAX) application. Requests should be submitted after completing the required training. You must submit one NAMS request per computer for which you are requesting elevated privileges.
- Access NAMS within the IdMAX application: https://idmax.nasa.gov
- Click "Access Management."
- Click "Request or Modify Application Account."
- Click the "Applications" tab, then enter the term "elevated" and click "Search."
- Click "Add to Request" for "ACES workflow for Elevated Privileges."
- Click the "Sponsor" tab, then ensure your sponsor is your supervisor. If necessary, search for your supervisor's name and click "Select."
- The screen will refresh. Click "Continue" at the bottom.
- Complete all of the fields under "Request Details."
  - To determine your machine name:
    - Windows 7: Left-click the Start button | right-click "Computer" and select "Properties" | the computer (machine) name is in the Computer Name, domain and workgroup settings section.
    - Mac OS: Open Applications | open Utilities | open "System Information" | the computer (machine) name is in the status bar at the bottom of the new window.
  - Business Justification: Describe what you are trying to accomplish that requires elevated privileges (e.g. install home printer; troubleshoot home Internet connection, etc.). What is the impact to mission accomplishment if the request is denied? At HQ, software installation and maintenance is usually performed by the ACES or HITSS team and is generally not considered a valid business justification for approving EP.
- When finished, click "Continue to Submit."
- The screen will refresh. Click "Submit Request."
What to Expect:
Windows computers need to be on the HQ network or connected via VPN in order to have EP set by the ACES technician. Windows users will be notified when the request has been processed.
Macintosh users will require a deskside visit by an ACES technician.
Any message received from ESD regarding approval reflects an ESD status, not final approval of your request.
There is no notification process to alert you when the requested EP expires.