New Viewfinity Survey Underscores High Level of Unnecessary Enterprise Vulnerability Risk

by Mary Rose 23. July 2012 12:35

In a recent Viewfinity survey to which more than 600 IT security professionals responded, a major vulnerability was uncovered: 2/3 of companies don’t know who has local administrator rights. The infographic below describes the findings:

 

 

Malware can use "admin rights" to install malicious software on local computers through the administrator account. That foothold then allows further penetration into the IT environment and lets other security threats enter the corporate network.

Don’t get caught off-guard: download Viewfinity’s complimentary Local Admin Discovery Tool. This free tool allows you to discover user accounts and groups that are members of the local “Administrators” built-in user group on computers in your Windows domain. Once the analysis has been run, IT administrators can take action by removing the users or suspicious groups from the Administrators group.

 

Top 10 Tips for Removing Administrator Rights - Tip #6

by Mary Rose 2. March 2012 16:08
 
Come back next Friday to see what Tip #7 is! 

Wayne Rash Reviews Viewfinity Privilege Management

by Mary Rose 28. February 2012 11:07

Viewfinity Privilege Management earned high marks in an independent product review by Wayne Rash, President and Analyst of Wayne Rash & Associates.

“The single greatest security threat to most enterprises is the lack of control over administrative rights on client computers. By allowing employees administrative rights, you are opening the door to worms, Trojans and a host of other security problems. The security improvements in Windows 7 and third party privilege management solutions make the OS refresh the perfect time to remove rights. However, this issue is so critical that the removal of administrative privileges should be made as soon as possible,” says Wayne Rash, president and principal analyst of Wayne Rash & Associates.

Here are some highlights of the Viewfinity review:

  • “You can also use the Policy feature to block applications, so if a user has a peer to peer movie downloading package already installed, for example, you can prevent it from operating.”

  • “You can implement Viewfinity on any network using Windows machines, regardless of whether Active Directory is in place.”

  • “With Windows 7, users are presented with a message from the User Account Control system when they attempt to invoke a function that requires administrative rights.” “Because Viewfinity is controlling the administrative rights, you can also control the UAC message.” 

 


 
 

Compliance Assurance with Viewfinity Privilege Management

by Mary Rose 22. February 2012 15:42

Viewfinity provides Privilege Management reporting and auditing capabilities that monitor various statistics for computers on which the Viewfinity agent has been installed. Take an in-depth look at Viewfinity's compliance assurance capabilities.
 
 
 
 
Visit again next Wednesday for another useful feature with Viewfinity Privilege Management. 

Top 10 Tips for Removing Administrator Rights - Tip #4

by Mary Rose 17. February 2012 08:59

Don't forget to stop by next Friday for Tip #5
 

Top 10 Tips For Removing Administrator Rights- Tip #3

by Mary Rose 10. February 2012 13:45

  

Stop by next Friday for Tip #4 

Top 10 Tips For Removing Administrator Rights- Tip #2

by Mary Rose 3. February 2012 14:38
 
Stop by next Friday for Tip #3  

Coretek Services: Application Virtualization – The UAC Panacea?

by Alex Shoykhet 20. January 2012 14:02

Cindy Meinke of Coretek Services wrote about application virtualization and User Account Control (UAC) challenges. Cindy mentions that Viewfinity Privilege Management is one solution for handling the UAC prompt challenge.

With the migration to Windows 7, the introduction of UAC prompts can be somewhat of a disruption to end users. Viewfinity helps IT admins manage UAC prompts by suppressing or customizing the UAC dialog. This way of handling UAC prompts through Viewfinity Privilege Management meets a critical customer requirement: a better user experience.

Here’s a more technical explanation that is tied to the issues presented in the Coretek article. While it is true that application virtualization may simplify the issue of managing UAC and elevated rights, not all applications and tasks can be effectively virtualized. For example, applications whose embedded manifest contains a “requestedExecutionLevel” that asks for admin rights, and browser-based ActiveX controls, cannot be virtualized. UAC and the management of general Windows administrative tasks are a separate issue, which cannot be easily addressed without third party tools such as the Viewfinity Privilege Management product.
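To see which installed applications fall into the manifest case described above, the following added example (not code from the Coretek article or from Viewfinity) lists executables whose embedded manifest requests elevation. The function name and `$Root` path are assumptions, and the manifest is located by scanning the file for its XML text, a heuristic that avoids parsing PE resources.

```powershell
# Added example: report executables whose manifest asks for elevated rights.
function Get-RequestedExecutionLevel {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    try   { $bytes = [System.IO.File]::ReadAllBytes($Path) }
    catch { return }   # unreadable file (locked or access denied): skip it

    # ISO-8859-1 maps every byte to exactly one character, so binary
    # content cannot break the decoding step.
    $text = [System.Text.Encoding]::GetEncoding(28591).GetString($bytes)

    # The element may carry a namespace prefix, e.g. <ms_asmv3:requestedExecutionLevel>.
    $tag = [regex]::Match($text, '<(?:\w+:)?requestedExecutionLevel\b[^>]*>')
    if (-not $tag.Success) { return }   # no execution level declared

    $level = [regex]::Match($tag.Value, 'level\s*=\s*["''](\w+)["'']').Groups[1].Value
    $ui    = [regex]::Match($tag.Value, 'uiAccess\s*=\s*["''](\w+)["'']').Groups[1].Value

    [pscustomobject]@{ Path = $Path; Level = $level; UiAccess = $ui }
}

$Root = 'C:\Program Files'   # assumption: adjust to the folders you want to survey

# asInvoker runs with the caller's token; the other two levels trigger
# elevation and therefore a UAC prompt for a standard user.
Get-ChildItem -Path $Root -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-RequestedExecutionLevel -Path $_.FullName } |
    Where-Object { $_.Level -in 'requireAdministrator', 'highestAvailable' } |
    Sort-Object Level, Path |
    Format-Table -AutoSize
```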

Here are just a few examples of administrative tasks that will cause a UAC prompt:

  • Installing and uninstalling applications
  • Installing device drivers
  • Installing ActiveX controls
  • Changing settings for Windows Firewall
  • Configuring Windows Update (XP)
  • Adding or removing user accounts
  • Changing a user’s account type
  • Running Task Scheduler
  • Restoring backed-up system files
  • Viewing or changing another user’s folders and files
  • Running Disk Defragmenter

Drilling into the Viewfinity Privilege Management product, it not only elevates privileges and/or reduces permissions on individual applications, admin tasks, or ActiveX controls, but also provides a policy automation workflow that automatically generates policies based on approved applications or on-demand self-elevation. Fully integrated with UAC management, Viewfinity Privilege Management can suppress UAC prompts and/or replace them with a Viewfinity justification dialog box, where the end user can submit a justification for requesting elevated rights. Bringing it full circle, our audit report feature captures events with UAC usage stats and collects important information for security audits, such as the use of unauthorized credentials in UAC and which actions were performed as a result of unauthorized activity.

Administrative Accounts not part of the Domain Users

by Mary Rose 29. December 2011 15:06

In every organization there exists a somewhat buried but very dangerous keyhole: the presence of administrative accounts which are not part of the Domain Users group. Those accounts are hidden from the IT manager’s standard tracked list of domain administrative accounts and can be used by malware to install malicious software on local computers through the “local” administrator account. Further penetration into the IT environment is then possible by capturing passwords, including passwords for access to critical data. It is essential that IT security and operations managers have a method for mitigating this risk.

Sign up today for our 35-minute live demo session featuring our free tool, Local Admin Discovery, which allows you to discover user accounts and groups that are members of the local “Administrators” built-in user group on computers in your Windows domain.

Reserve your seat today by signing up here.

Wednesday January 4th, 2012 9:30AM EST
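One way to run this kind of discovery with built-in PowerShell cmdlets, as an added example that is not Viewfinity's Local Admin Discovery tool or code from the original post. The computer names are placeholders, and it assumes PowerShell remoting (WinRM) is enabled and Windows PowerShell 5.1 or later is present on the target machines.

```powershell
# Added example: inventory the local Administrators group across machines.
$computers = 'WS-EXAMPLE-01', 'WS-EXAMPLE-02'   # placeholder names

$audit = {
    try {
        # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators; using it
        # instead of the name also works where the group name is localized.
        Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            ForEach-Object {
                [pscustomobject]@{
                    Member = $_.Name
                    Type   = [string]$_.ObjectClass       # User or Group
                    Source = [string]$_.PrincipalSource   # Local, ActiveDirectory, ...
                    SID    = $_.SID.Value
                }
            }
    }
    catch {
        # Surface the failure as a row so the host is not silently missing.
        [pscustomobject]@{ Member = "ERROR: $($_.Exception.Message)"; Type = ''; Source = ''; SID = '' }
    }
}

$report = Invoke-Command -ComputerName $computers -ScriptBlock $audit -ErrorAction SilentlyContinue |
    Select-Object PSComputerName, Member, Type, Source, SID

# Accounts defined on the machine itself never appear in a domain-level review.
# A SID ending in -500 is the built-in Administrator account.
$report | Where-Object { $_.Source -eq 'Local' } |
    Sort-Object PSComputerName, Member | Format-Table -AutoSize

# A domain group nested here makes every one of its members a local administrator.
$report | Where-Object { $_.Type -eq 'Group' -and $_.Source -ne 'Local' } |
    Format-Table -AutoSize

# Machines that returned nothing (offline, remoting disabled) still need a manual check.
$computers | Where-Object { $_ -notin $report.PSComputerName }

$report | Export-Csv -Path .\local-admins.csv -NoTypeInformation
```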

Viewfinity Offers Enhanced Readiness Indicator to Assist In Moving to Least Privilege Environment

by Mary Rose 1. December 2011 10:18

A project to remove administrative rights with the minimal amount of disruption to your end users, when done properly, requires extensive analysis to determine user needs and prepare the environment.  As organizations work to heighten IT security by moving to least privileges, Viewfinity provides a non-disruptive, automated method for moving to least privileges via an end-to-end best practice approach that helps enterprises prepare the environment before privileges are revoked.  

Preliminary Preparation:  Pre-Discover Applications Requiring Elevated Permissions

Our Application Admin Rights Analysis silently gathers information and monitors which applications, processes, and administrative actions will require administrative permission before users are removed from the local admin group. This information is based on end user activity and is collected over a period of time to ensure all events are captured. Once the collection and analysis is completed, policies to elevate privileges can be automatically created and prepared in advance so that when administrative rights are removed, the policies are in place to ensure a non-disruptive move to least privileges. As part of this process, Viewfinity has a Local Admin Rights Usage Statistic dashboard. This is a graphical “readiness indicator” that shows where an organization stands in determining the optimal point at which it is prepared to remove administrator rights.

Here is an example of a completed Application Admin Rights Analysis presented in the Local Admin Rights Usage Statistic dashboard graph:

This report shows the following:

  • Events marked in Green represent events which have been identified from user activities on previous days.

  • Events marked in Red represent newly discovered events that require Admin rights.

  • Readiness indicator: when the discovery bar is mostly green, the system has collected the majority of events requiring administrative permissions. This indicates you are ready to use the Viewfinity Policy Automation Approval feature and automatically build policies based on the events discovered.

 

Read more about our end-to-end process here: http://www.viewfinity.com/Whats-New/Default.aspx


About Viewfinity

Viewfinity provides privilege management and application control for desktops, laptops and servers, empowering enterprises to meet compliance mandates, reduce security risks, and lower IT costs. The Viewfinity solution allows enterprises to control end user and privileged user rights for applications and systems which require elevated permissions. Viewfinity's granular-level control enables companies to establish and enforce consistent policies for least privilege Windows-based environments based on segregation of duties. For more information, visit www.viewfinity.com.
