Skip to main content

Windows Shell Extension - Hitachi ID Group Manager

Hitachi ID Group Manager includes a Windows shell extension, which can be deployed on Windows XP, Windows Vista and Windows 7 PCs. If installed, this component can intercept Windows ``access denied'' error messages and present an expanded message which allows users to open a web browser to the Group Manager application, where they can request membership in the appropriate AD group.

The shell extension is packaged as a small, self-contained MSI package for easy distribution using SMS, GPOs, etc.

Watch a Movie

Windows “Access Denied” dialog leading to group membership request

Play movie


  • A user is guided through the access request process.
  • The video starts with the user encountering a Windows "Access Denied" error dialog.
  • The user is guided to a request to for membership in the appropriate Active Directory security group.

Key concepts:

  • Users frequently need access to new shares, folders, etc. but they don't understand access control lists (ACLs) or security groups.
  • To attain high user adoption for self-service security entitlement management, it is important to implement a system which allows for this gap in users' knowledge.

Read More:

  • Architecture:
    Hitachi ID Suite network architecture.
  • Included Connectors:
    Systems on which Group Manager can audit and reduce privileges.
  • Other Integrations:
    Integrations between Hitachi ID Suite and other parts of an IT infrastructure.
  • Server Requirements:
    Sizing, configuration and number of servers on which to deploy Group Manager
  • Language Support:
    Languages Supported by the Hitachi ID Identity and Access Management Suite
  • Windows Shell Extension:
    Intercepting the Windows "Access Denied" error dialog and directing users to a request page.
page top page top