If you missed the popular webinar with Group Policy Guy and Microsoft Group Policy MVP, Darren Mar-Elia and Viewfinity on Windows 7 Security and Managing UAC Prompts, then you can catch the recording here.

Viewfinity automatically detects privilege elevation needs based on actual user activity and creates policies based on similar user needs -- this significantly reduces the number of policies to be managed. Watch the video to see the discovery feature in action.

Darren Mar-Elia, Group Policy MVP and GPOGuy.com, is Viewfinity's guest speaker on “Windows 7 Security and Managing UAC Prompts.”  This webinar will explore Windows 7 migrations and the removal of local administrative rights as part of this desktop refresh.  Topics to be discuss include desktop lockdown, use of Windows 7 built-in security features, and management of UAC prompts. 

The webinar takes place on Tuesday July 31, 2012 at 2pm EDT.  Darren Mar-Elia will discuss the components of the Windows built-in security features and the best practices surrounding these features. Darren will also introduce additional methods for enhancing endpoint security within Windows 7 as related to managing UAC dialog boxes and applications that require administrator rights. 

Register for the webinar here.

Cindy Meinke of Coretek Services wrote about application virtualization with User Account Control (UAC) challenges.  Cindy mentions that Viewfinity Privilege Management is one solution to handle the UAC prompt challenge.

With the migration to Windows 7 the introduction of UAC prompts can be somewhat of a disruption to end users.  Viewfinity helps IT admins manage UAC prompts by suppressing or customizing the UAC dialog. This solution to handle UAC prompts available through Viewfinity Privilege Management provides for a critical requirement by customers—a better user experience.

Here’s a more technical explanation that is tied to the issues presented in the Coretek article.  While it is true that application virtualization may simplify the issue of managing UAC and elevated rights, not all applications and tasks can be effectively virtualized. For example, applications with embedded manifest “requestedExecutionLevel” containing admin rights or browser based ActiveX controls cannot be virtualized. UAC and the management of general Windows administrative tasks is a separate issue which cannot be easily addressed without third party tools such as Viewfinity Privilege Management product.

Here are just a few examples of administrative tasks that will cause a UAC prompt:

• Installing and uninstalling applications
• Installing device drivers
• Installing ActiveX controls
• Changing settings for Windows Firewall
• Configuring Windows Update (XP)
• Adding or removing user accounts
• Changing a user’s account type
• Running Task Scheduler
• Restoring backed-up system files
• Viewing or changing another user’s folders and files
• Running Disk Defragmenter

Drilling into the Viewfinity Privilege Management product, it not only elevates privileges and/or reduces permissions on individual applications, admin tasks, or ActiveX controls, but also provides a policy automation workflow that automatically generates policies based on approved applications or on-demand self-elevation.  Viewfinity Privilege Management fully integrated with UAC management can suppress UAC prompts and/or replace it with a Viewfinity justification dialog box.  The dialog box is where the end user can submit his justification for requesting elevated rights. Bringing it full circle, our audit report feature captures events with UAC usage stats and collects important information for security audits such as the use of unauthorized credentials in UAC and which actions were performed as result of unauthorized activity.