Task Delegation Service
Valid on Windows
capamsc141
Valid on Windows
The task delegation service (SeSudo.exe) grants the required rights and privileges to ordinary users to enable them to perform administrative tasks while not being members of Windows high privileged groups. Example: the Administrators group.
When a user attempts to perform an administrative task, such as to start or stop a Windows service, the task delegation service performs these tasks:
- Communicates with thePrivileged Access Managerengine service to verify that the user has is authorized to perform the task.
- ThePrivileged Access Managerengine service does the following:
- If the user is authorized to run the task, thePrivileged Access Managerengine service authorizes the task delegation service to run the task.
- If the user is not authorized to run the task, thePrivileged Access Managerengine blocks the attempt.
Run the
Privileged Access Manager
task delegation service from a command-prompt window using the sesudo command. This command has the following format:sesudo [-do [record] [parameters]| -list | -h]
- -do[record] [parameter]Specifies to execute the commands that are embedded in the [record] field with additional parameters
- -listSpecifies to display a list available records that the user can execute
- -hSpecifies to display the command help menu