Introduction to PEM

PEM is a privileged endpoint management solution allowing system administrators to limit and control the use of local administrator accounts for Windows users.

The mechanism PEM uses for elevating the privilege of a process is based on the application of policies, which are stored in the Microsoft Domain Controller as Group Policy Objects (GPOs).

For end users, PEM operates in a similar way to 'Run as administrator'. Users simply right click on a process and choose the 'Run as administrator using PEM' option from the menu. The user is then presented the Windows User Account Control prompt where they enter their own credentials to confirm they want to run a process as an administrator, assuming the policy you've established allows them to do so.

PEM context menu

User context is maintained while privilege is elevated. As a result, any files created will be owned by the user's account and any 'save' or 'open' dialog will default to the user's standard locations. This produces a seamless experience for users to elevate privileges on demand.

To get started with understanding PEM in more detail, see our How PEM Works guide.