microsoft.pam.privilege.escalation.enabled

The configuration parameter specifies if the Microsoft Privileged Access Management (PAM) Privilege Escalation feature is supported or not within the Delinea environment.

If microsoft.pam.privilege.escalation.enabled is true, then, when an Active Directory user logs in, the configured privilege that's granted to the user through PAMGroup takes effect until the granted period has elapsed.

The Privileged Access Management (PAM) Privilege Escalation feature can be enabled or disabled through Group Policy. Select Computer Configuration > Centrify Settings > DirectControl Settings > Enable Active Directory PAM Privilege Escalation feature

The Microsoft PAM Privilege Escalation feature specifies if Delinea DirectControl uses Microsoft PAM Privilege Escalation feature in the computer.

For example:

microsoft.pam.privilege.escalation.enabled: true

Default is false, the Microsoft PAM Privilege Escalation feature support is disabled. Setting it to true enables grants the Active Directory user, at log in, the same configured privilege as the user's PAMGroup. This is in effect until the grant period expires.