Install a Jump Client, Jumpoint, or Elevation Service for Elevated Privileged Access Session Start
When attempting to operate with the credentials on a smart card, the user is prompted to enter a PIN. This UAC prompt is inaccessible to the user if the endpoint client is not already running in elevated mode. It is therefore necessary to access the remote endpoint in one of three ways:
- A Jump Client running as a system service
- A Jumpoint or local network Jump, using administrative credentials
- A Jump session with the Bomgar elevation service pre-installed on the remote endpoint
Accessing the remote endpoint in elevated mode allows the user to interact with UAC prompts in order to enter the smart card PIN.
To install a Jumpoint, see Jumpoint: Set Up Unattended Access to a Network. No special setup is required.
Jump Client Installation
To install a Jump Client in preparation for using smart card support, you must set certain options as described below.
- From the /login interface of your Bomgar Appliance, go to Jump > Jump Clients.
- Configure the Jump Client settings as needed. For details, see Jump Clients: Manage Settings and Install Jump Clients for Unattended Access.
- The connection type can be either active or passive.
- Be sure to check Attempt an Elevated Install if the Client Supports It as well as Prompt for Elevation Credentials if Needed.
- Click Create.
- From this page, you may email the Jump Client installer to one or more remote users.
- Alternatively, select a platform and download the Jump Client installer to your local system. You may then distribute this installer to multiple systems for manual installation, or you may distribute it via a software deployment tool.
Elevation Service Installation
In special cases, you may need a session to start with the endpoint client already in elevated mode, or you may need to elevate the endpoint client without providing credentials. To securely elevate the endpoint client without the prompt, download the Bomgar Automatic Elevation Service from /login > My Account and install it beforehand on the remote Windows systems to which you need credential-less elevation access. You must install the elevation service using an account that has administrative privileges to the local machine.
When the elevation service runs, it adds to the registry a hash unique to your Bomgar site. Then, when the remote system begins a session through that site, the elevation service matches the registry hash against the hash in the client. If they match, the client attempts automatic elevation.
After a Bomgar software update, your site hash changes. Download and run the elevation service registry file to update the registry hash on systems which already have the elevation service installed. You must run the elevation service registry file using an account that has administrative privileges to the local machine.