Installing the Privileged Application Launcher
- Kim Landis (Unlicensed)
- Phillip Hanegan
- Patrick Parker
The Privileged Application Launcher (PAL) is a local Windows desktop application that enables users to temporarily check-out vaulted Active Directory credentials and launch Windows applications as the check-out identity. PAL acts much like the Runas command but without requiring the user to be granted knowledge of the privileged user password.PAL operates using Windows security so it is limited by Windows domain and trust restrictions.
Prerequisites
- There must be vaulted credentials in the system that the employee is allowed to request. See Vaulting Non-Computer Credentials for more information.
- The person sharing the credentials must be a member of the Computer PAM User Full (or Limited) Access management role and have a Master password.
- The person requesting the credentials must be a member of the Computer PAM User Limited (or Full) Access management role and have a Master password.
For help in creating a Master password, see Creating a Secret.
To install the Privileged Application Launcher
Employees install the Privileged Application Launcher on their local machines.
- Double-click the installer file, EmpowerIDApplicationLauncherInstaller.msi.
- In the setup wizard that appears, provide the URL of the EmpowerID host and click Next.
On the Ready to install page, click Install.
Since this must be installed as an administrator, a message flashes on your taskbar. Click it to open the User Account Control requesting permission to make changes on your device. Click Yes to continue.
- When the agent finishes installing, click the Finish button to close the wizard.
Once the Privileged Application Launcher has been successfully installed on a machine, users can launch it to access any privileged applications for which they have access. See Using Privileged Application Launcher for details.