
Administrator Privileges – Guide to Viewfinity Privilege Management Software


It’s a well-known fact: hackers exploit administrator privileges to access your systems. This is a fundamental security loophole that is often the first step taken when attempting to penetrate your infrastructure. Yet many firms struggle with how to approach and manage a project to remove administrator privileges, and once removed, how to avoid an influx of calls to IT support to deal with user needs related to admin privilege elevation requests.

At Viewfinity, we help you approach this in an automated, step-by-step process. The key components of our solution are designed to enforce your security requirements to remove administrative rights. We help the operations team that needs to support this mandate through a smart, effective and manageable process. Controlling administrative privileges is manageable, easy and non-disruptive via Viewfinity Trusted Sources Methodology.



Getting started: assessing the environment

To start with, Viewfinity has a complimentary tool that helps you discover user accounts and groups that are members of the local “Administrators” built-in user group on computers in your Windows domain.

Next, we inventory all the applications currently running in your environment and determine which of those applications require admin privileges in order to execute.

Once that’s done, we invoke our Trusted Sources.


Automatic handling of applications that require elevated permissions via Trusted Sources

During the discovery phase, information is collected only for applications requiring administrative rights. These are the applications that will require admin privilege elevation policies. However, it would be unmanageable to create all of these policies manually, so Viewfinity uses its Trusted Sources to automatically create admin privilege elevation policies if the installation origin or application is deemed trusted.

Trusted sources are those applications innately known, and thus trusted. This includes applications originating from: Software Distributors, Updaters, Network Location, Installation Package, Publisher, Product, User/Group, OS image and more.

For example, the "Trust by Software Distributors" policy works with applications and files distributed through SCCM (or any software distribution system) and will automatically elevate administrative privileges if, following the installation, the application requires administrative rights in order to function. As a result, the "Trust by Software Distributors" policy significantly reduces the number of approvals and policies that need to be managed.

Intelligent grouping of like privilege needs creates overarching administrative privilege elevation policies

Viewfinity can automatically aggregate admin privilege policies based on similar user needs, so the number of policies that need to be created and managed is reduced by an order of magnitude. The product intelligently scans a Windows environment and identifies common user privilege needs across the organization.

This is done by automatically detecting attempts to use/install applications or tasks requiring administrative rights. These events for elevated admin privilege needs are aggregated and a single policy is created that can be used across the organization or for a collective group of users.

Restricting administrative privileges for particular applications and what they are allowed to access

For some applications, even though they are “trusted”, you may need to restrict admin privileges so that they have limited access to designated resources. This combination adds a data-centric level of application security currently unavailable with the other administrative privilege management solutions. Examples of what can be restricted include: internet, corporate shares, registry and file access.


Managing ad-hoc and administrative privilege elevation needs after the initial setup

While 95-99% of your admin privilege management needs and policies will be established and implemented well ahead of time, for those exceptions, and there are always exceptions, Viewfinity offers a method for IT administrators to streamline admin privilege elevation requests from end users.

Once the applications requiring administrative rights have been discovered and their policies created using our Trusted Sources and Automatic Policy Aggregation process, Viewfinity provides two automated methods for handling ad-hoc requests. For users, groups or applications that require more control over which admin privilege elevation requests should be authorized, we provide a workflow authorization option to create the appropriate policy and approve the admin privilege elevation request on the fly.

For power users or those who are often working remotely, we have an on-demand option that allows for self-elevation to handle one-off requests. Self-elevation or policy automation via authorization workflow is highly configurable and can be enabled by user, group, or by type of request.

End users receive an email notification when the policy has been created. All policies can be configured to support customized messages for end users to see when applications are launched with elevated administrative privileges.

 

Supporting administrative privilege elevation needs for users on-the-go with no network access

A user can be authorized for a "one-time use" of an application. This can be used to allow an application to run for users on-the-go with no network access and thus with no ability to update policies. In such instances, if One-time Run Authorization is enabled, a user can submit a request to the Viewfinity administrator and get a one-time authorization. The request is a code (Request ID) to be provided by the user, and in turn the user will be provided with an Authorization Code that should be entered in the Viewfinity One-time Run Authorization dialog in order to launch the application. The authorization access code ensures that access is matched with the requested application. All usage of one time access is audited and reported.
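The Request ID / Authorization Code exchange described above can be illustrated with a generic offline challenge-response. This is an added example, not Viewfinity's code or algorithm: the per-endpoint shared key, the HMAC construction, the code length and all names are assumptions, and the sample inputs are constructed.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"         # per-endpoint secret set at enrollment (assumption)
APP = b"constructed installer bytes"  # stands in for the requested executable
OTHER = b"some other binary"
CODE_LEN = 10  # hex chars read out to the user; short, so limit attempts in practice

def app_digest(app_bytes: bytes) -> str:
    return hashlib.sha256(app_bytes).hexdigest()

def _code(key: bytes, request_id: str, digest: str) -> str:
    # MAC over request ID *and* application digest binds the code to both.
    msg = f"{request_id}|{digest}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:CODE_LEN]

def admin_authorize(key: bytes, request_id: str, approved_digest: str) -> str:
    """Administrator side: issue a code for one request and one approved binary."""
    return _code(key, request_id, approved_digest)

class Endpoint:
    """Offline client: issues Request IDs, checks codes, keeps an audit trail."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # request_id -> digest of the application asked for
        self.audit = []    # (request_id, digest prefix, outcome)

    def request(self, app_bytes: bytes) -> str:
        request_id = secrets.token_hex(4)  # fresh random value per request
        self.pending[request_id] = app_digest(app_bytes)
        return request_id

    def launch(self, request_id: str, code: str, app_bytes: bytes) -> bool:
        digest = app_digest(app_bytes)
        expected = _code(self.key, request_id, digest).encode()
        ok = (self.pending.get(request_id) == digest
              and hmac.compare_digest(expected, code.encode()))
        if ok:
            del self.pending[request_id]  # one-time: the same code cannot be replayed
        self.audit.append((request_id, digest[:12], "allowed" if ok else "denied"))
        return ok
```

Because the code is derived from both values, a code issued for one application is rejected when presented with a different binary, and a used Request ID cannot be redeemed again.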


Running web applications that require administrative privileges

There are instances when a website requires administrative permissions in order to operate successfully. Viewfinity provides the ability to create policies that will elevate admin privileges for specific URLs. Web Application policies are activated on the client PC, just like other policies.

When the user browses to an elevated URL, the user will be presented with a window asking to start another browser window, which will be opened with elevated admin privileges. Only this window has the rights to run the application requiring administrative rights.

Supporting your remote and mobile workforce

Viewfinity does not require laptops or desktops to be part of the Active Directory domain or to be directly connected to the corporate network in order to activate policies that manage administrative privileges. As soon as the PC connects to the internet, Viewfinity delivers the policies and rules established by the IT Administrator. Once delivered, all policies continue to be enforced even while working offline.

Elevation rules are applied in real-time and do not require users to cycle through the log on process. Viewfinity doesn't require desktops to be part of the domain or to be attached to the corporate network in order for admin privilege elevation policies to be delivered. Reports can be used to monitor the status of policies being applied.


 

Protecting your environment with advanced Threat Detection capabilities

Viewfinity extended its solution base and has moved to an adaptive protection architecture through direct, real-time collaboration with threat detection vendors. Viewfinity leverages the investments organizations have already made in network security firewall technology and reputation database services.

Monitor application activity

  • Internet
  • Intranet
  • Network Shares
  • Registry
  • Files
  • Sandboxing with network security providers
    Cross-reference suspicious application activity detected on endpoints, along with information about network behavior at the endpoint level, with network security solutions such as FireEye, Check Point and Palo Alto. Proactively update policies to block confirmed bad files.
  • Integration with Check Point Firewall Anti-Bot
    Update firewall policies by utilizing Viewfinity’s endpoint forensic analysis capabilities, which precisely trace unique information related to the origin of a file, and block that entry URL.
  • Monitoring Network Events on Endpoint
    Full, real-time visibility of network events on endpoints. Reduces the footprint of an attack by pinpointing every endpoint on which the malicious file is installed and blocking it from further execution or propagation.
  • Integration with FireEye Mandiant TAP
    Deepens threat investigation reach because FireEye admins utilize Viewfinity’s endpoint data during investigations.
 

Managing administrator rights for applications that run on Windows servers

Most people think of managing administrator privileges solely on endpoints, but our customers also use the product on servers for separation of rights between those who manage servers and those who manage applications. This approach complements the security protection measures you are already taking with Privileged Identity Management. For example, you can:

  • Elevate administrative privileges or restrict access to precise Windows services rather than allowing across the board administrator rights to all services.
  • Manage administrative privileges on select server applications.
  • Enable the auditing features to capture an audit trail of actions that privileged users are taking on servers.
  • Reduce rights for technical staff that only need access to specific tasks/services to resolve support calls that fall within their area of responsibility.





Privilege Management Brochure

Viewfinity controls administrative privilege elevation rights for applications and systems which require elevated permissions, eliminating the need to give users administrator rights.

Download the brochure.

How Viewfinity Mitigates Pass-the-Hash

Pass-the-hash is a technique which enables hackers to use your own systems against you, by using administrator rights to steal admin credentials and then use those credentials to gain access to your infrastructure.

Read the white paper.