Task Delegation Service

Valid on Windows
capamsc141
Valid on Windows
The task delegation service (SeSudo.exe) grants the required rights and privileges to ordinary users to enable them to perform administrative tasks while not being members of Windows high privileged groups. Example: the Administrators group.
When a user attempts to perform an administrative task, such as to start or stop a Windows service, the task delegation service performs these tasks:
  1. Communicates with the 
    Privileged Access Manager
    engine service to verify that the user has is authorized to perform the task.
  2. The 
    Privileged Access Manager
    engine service does the following:
    1. If the user is authorized to run the task, the 
      Privileged Access Manager
      engine service authorizes the task delegation service to run the task.
    2. If the user is not authorized to run the task, the 
      Privileged Access Manager
      engine blocks the attempt.
Run the 
Privileged Access Manager
task delegation service from a command-prompt window using the sesudo command. This command has the following format:
sesudo [-do [record] [parameters]| -list | -h]
  • -do
    [record] [parameter]
    Specifies to execute the commands that are embedded in the [record] field with additional parameters
  • -list
    Specifies to display a list available records that the user can execute
  • -h
    Specifies to display the command help menu