Wednesday January 11, 2012 2:00PM EST

In this joint webinar, Viewfinity and PolicyPak will demonstrate how to best protect your endpoints with true desktop and application lockdown, and manage the lockdown environment so that user productivity is not impacted.  

Alex Shoykhet, VP of Product Management at Viewfinity, will demonstrate a best practice approach for using Microsoft Active Directory and Group Policy to manage administrator rights for standard users.  The demo will kick off with tools for removing administrator rights and then segue into how to manage privileges for standard users with zero impact on user productivity.  This is done via Viewfinity's end-to-end approach for managing admin rights such that end users don’t need to involve the help desk every time a user needs admin rights.

Next the PolicyPak team will demonstrate how to lock down individual applications by controlling settings within the application.  PolicyPak prevents users from manipulating important settings, but also quietly reapplies misconfigured settings if a user or application happens to work around them. You’ll learn how to answer questions such as “How are you able to guarantee key application and operating system settings for users?” and “How can you prevent users from messing up their apps?” and “How can we prevent application pop-ups and application questions?”

Register for a seat here. 

Group Policy MVP Jeremy Moskowitz and founder of PolicyPak demos the Group Policy way to use Viewfinity Privilege Management on his blog titled, “PolicyPak Complements Viewfinity Privilege Management.”  Below is a reposting of Jeremy Moskowitz’s blog.

The guys at Viewfinity have the right idea (here’s a quote from their website).“Viewfinity Privilege Management offers IT Administrators a flexible approach for controlling its corporate desktop and laptop environment.”

One of Viewfinity’s super-powers is to operate users with a least privilege account then elevate the application’s rights that require them. Getting to a “least privilege” desktop is, definitely a good idea.

But, even when least privilege accounts are all used, there’s still a ticking time bomb waiting for you: Standard users can still misconfigure the desktop, operating system (Control Panel), key applications (Flash, Acrobat, Java), or any desktop and business applications you have.

PolicyPak can help when you’ve already got Viewfinity Privilege Management in place and how to ensure your desktop and applications are truly locked down and secure.

Note: Viewfinity has two ways to implement least privilege – using Group Policy or using a cloud service. The video only shows the Group Policy way to use Viewfinity Privilege Management, but if you use their cloud service, PolicyPak will work with it just the same.

• How are you able to guarantee key application and operating system settings for users?
• How can you prevent users from messing up their apps?
• How can you ensure users won’t work around your important security and operating system settings?
• How can you re-apply key application and operating systems settings when users are disconnected from the network?

Derek Melber, (MSCE, MVP) is only 1 of 8 MVPs on Group Policy in the world.  Derek published an article on windowsecurity.com titled, “Desktops: Local Rights & Privileges” and is also the author of The Group Policy Resource Kit by Microsoft Press. Derek addresses the many droves of questions he receives about end user desktops with topics specifically related to user rights, permissions, local group, and least privileges.

“For corporate environments, the overall goal is to allow users to run all applications, install key software and drivers, and run operating system features that make the company money, but to do this with the least privilege possible,” said Derek Melber.  Ideally, this would accomplish the overall desktop security.  If user rights, permissions, and local group settings are done correctly using Group Policy, then a corporate entity is on the right track to achieving overall desktop security and moving to a least privilege environment, where the user does not have local administrative privileges, except for those tasks required.

According to Derek, Windows Vista and 7 come with User Account Control (UAC) which has “standard sets options for you can either grant access to business applications requiring administrative privileges by adding the user to the local Administrators group, or you can modify all of the permissions and user rights associated with the files, folders, and desktop so the user can ONLY elevate the specified application. With potentially hundreds of applications for a corporation, this is not a very efficient option.”  Derek suggests using a solution that can extend Group Policy.

A third party software such as Viewfinity’s Privilege Management solution can help achieve the overall desktop security goal through extending a corporate entity’s existing Group Policy infrastructure. Viewfinity allows companies to use what they already have in Active Directory and Group Policy, and manage privileges for users at a granular level to gain further control over ensuring users are granted the least privileges possible.  Viewfinity has many companies who are currently using our privilege management software as an extension to Group Policy.