AutoElevate Deployment - NinjaOne
Purpose
This solution is designed to configure the automatic deployment of the AutoElevate application on Windows machines that are missing the agent, using the NinjaOne platform.
Associated Content
| Content | Type | Function |
|---|---|---|
| AutoElevate Agent Deployment | Script | The script installs the AutoElevate Deployment. |
| cPVAL AutoElevate Deployment | Custom Field | This field controls whether the AutoElevate deployment process should run on the selected devices. |
| cPVAL Blocker Mode | Custom Field | Used to set the Blocker Mode configuration for the end user at the time of installation. |
| cPVAL Elevation Mode | Custom Field | Determines how privilege elevation requests are handled on the device once the agent is installed. |
| cPVAL AutoElevate License Key | Custom Field | Holds the license key so that agent will get installed on the particular location. |
| AutoElevate Deployment Windows Workstation | Compound Condition | This Compound condition is used to deploy the AutoElevate on windows workstations. |
| AutoElevate deployment Windows servers | Compound Condition | This Compound condition is used to deploy the AutoElevate on windows srvers. |
Implementation
Step 1
Create the following custom fields, set the vaule under those custom field per organization level.
Step 2
Create the following automations:
Step 3
Create the AutoElevate Deployment compound condition for default Windows Workstation policy [Default] agent policy and schedule the AutoElevate Deployment to install the agent.
Step 4
Create the AutoElevate Deployment compound condition for default Windows Server policy [Default] agent policy and schedule the AutoElevate Deployment to install the agent.
FAQ
1. Can the AutoElevate deployment be executed manually without relying on the auto-deployment custom field (cPVAL AutoElevate Deployment)?
Yes, the AutoElevate deployment can be executed manually even if the auto-deployment custom field is disabled. The script can still be run manually to install or update AutoElevate on individual machines when necessary.
2. Are the custom fields (cPVAL AutoElevate License Key, cPVAL Elevation Mode, cPVAL Blocker Mode) mandatory for deployment?
Yes, these fields are required for a successful deployment. They provide the license and configuration settings needed to register the agent to the correct environment and define its elevation and blocker behavior.
3. What should I do if AutoElevate does not deploy on certain machines?
Check whether cPVAL AutoElevate Deployment is set to Enable for those machines or the site. Also verify that all required fields contain correct values and the endpoint has internet access to communicate with the AutoElevate portal.
4. Can deployment settings be customized per site or per device?
Yes. Each site can have its own set of deployment variables, and overrides can be applied at the individual device level if needed. This allows flexibility for different policies across locations or departments.
5. What does the Elevation Mode parameter configure?
Elevation Mode defines how the AutoElevate agent handles privilege elevation requests. Examples include automatic approval, challenge-based approval, or full request/approval workflow depending on the mode selected.
6. What is the purpose of the Blocker Mode parameter?
Blocker Mode controls the behavior when an application is not automatically elevated—either blocking execution or allowing access until a rule is created. This provides control over how strictly privilege requests are managed.
7. Can the deployment script be scheduled to run regularly?
Yes, it can be added to a recurring policy so that new machines automatically receive AutoElevate and existing machines can be checked for installation status.