Overview

BeyondTrust Privilege Manager enables organizations to remove administrator rights and allow end-users to run all required Windows applications, processes and ActiveX controls. By eliminating the need to grant administrator rights to end-users, IT departments can create a more secure, compliant and standard environment.

End-users with administrator rights have long been the Achilles heel of desktop security. These rights can be exploited by malware and users to change standard desktop configuration settings, install unlicensed software and disable other security solutions. However, there is a need to allow end-users to run applications that require administrator rights, and install approved software and ActiveX controls.

Eliminate Admin Rights with BeyondTrust Privilege Manager

Until BeyondTrust Privilege Manager was introduced in 2005, the only way to answer these end-user needs had been to make each user a member of the administrators group and provide them with administrator rights, creating significant security issues. Privilege Manager solves this dilemma by allowing network administrators to attach permission levels to Windows applications and processes.

Privilege Manager is implemented as a true Group Policy extension. Simply specify the application and which permissions and privileges should be added to the process token when the application is launched. By setting Privilege Manager policy, end-users without administrative privileges will be able to run all applications.

BeyondTrust Privilege Manager Will Enable Organizations to:

• Preserve a standard desktop configuration by allowing users to manage only approved computer settings, such as connecting to local printers
• Achieve compliance with regulatory mandates by configuring all users as standard users, while still allowing users to run approved applications that require admin rights
• Prevent unlicensed software installation by allowing users to install only authorized software
• Reduce data theft by preventing access to private data saved locally by other computer users
• Increase desktop security by reducing the malware attack surface and blocking unauthorized installations
• Implement least privilege by providing only the minimum amount of privileges and permissions necessary for applications to run
• Ease the deployment of Windows Vista by reducing the number of User Account Control pop-ups
• Centralize control by placing security decisions in the hands of network admins instead of end-users