Connect with Viewfinity featuring Gartner Research on recent trends related to how organizations are revisiting PC control policies and increasing desktop lockdown.

Gartner states, “Survey results and feedback from Gartner clients show that organizations are increasing the number of PCs that IT controls by removing administrative rights and using other measures to control PC configurations.” This practice reduces system vulnerability by allowing end users to use only the applications and desktop functions that are deemed safe. However, to avoid merely shifting support calls related to unstable PCs to a high frequency of incidental type calls, companies should consider privilege management tools that will allow them to manage by user type or role.

Read this eNewsletter and learn more about PC lockdown policy trends, as well as best practices and approaches for various types of organizations.

https://www.viewfinity.com/Resources/WhitePaperSignup.aspx?cid=GartnerPMNewsletter

Darren Mar-Elia recently published his Top 10 Windows Desktop Lockdown Tips & Tricks in WindowsITPro magazine.  We thought we'd share these with you.  Below is tip #1.  Stay tuned, more to come.

1.  Least privilege is the best privilege:  The single biggest thing you can do to ensure your desktop security is to run your desktops using a least privilege model.  This means not making your users Administrators or Power Users on their desktops.  While this can be challenging to accomplish, with users as administrators, you have no control over what they can do on their systems.

The chart below was taken from data gathered from a recent systems management survey run with Redmond Magazine's audience.  It reveals that while 2/3 of organizations agree with Darren's #1 tip, most have taken an all or nothing approach to lockdown.  Are you hesitant to move to a locked down desktop environment?  If so, why is that?

Business Need
Is it possible to setup and manage white listed only applications versus having to maintain a list and block all unapproved software?

Viewfinity Capability
Viewfinity can be configured to support a "white list only" model so that when an end user logs in, his/her desktop is configured to only present and run the applications that are required for them to work. Other standard desktop applications are not available — no games, IM, iTunes, etc. are visible.

See it in several Easy Steps

• Reduces end user support and malware incidents
• Improves network and asset utilization by restricting the use of non business-critical applications
• Ensures business-critical applications are meeting corporate configuration standards

• Block Application
• Compliance

Since Sarbanes-Oxley, there has been a lot of buzz about "compliance" and the hoops IT must jump through to ensure its adherence. But everybody views it differently. One organization demands all PCs are locked down completely, another one keeps the environment wide open and resets to a golden image when issues occur, and yet another has different policies for laptops and desktops or different polices depending on the end user’s functional role within the organization. Many argue that there is no such thing as privacy on company’s computer, and others insist that there are privacy issues to be considered. Regardless, these policies create tension between IT personnel and end users. And since more and more people are telecommuting, it is very difficult to keep everything as restrictive as management would like. Many enterprise level organizations have conceded the fact that the corporate PC, while primarily a tool to conduct business, is also the same device used for “personal computing” and separating these two uses may not be necessary. This allows employees to use their PC for both business and personal needs. With this approach, however, what should be the role of tech support and how is corporate compliance enforced?

Maintaining "blacklists" or "whitelists" for unauthorized and authorized applications can be time consuming. Since fluctuations between blacklists and whitelists occur frequently, flexible application lockdown rules based upon groups, connectivity status, application, and time of day would best support the needs of the end user, the system administrator and the company. Configurable compliance policy support would help to eliminate critical problems that might occur if, say for example a laptop is stolen. If the laptop isn’t connected to the corporate network, specified data and/or applications cannot be accessed. Or, to disable iTunes or IM during business hours.

So what is the norm today and can an automated method for managing privileges help your company protect itself if complete lockdown is not the ideal approach?