Elevating security rights to administrative levels on a per application basis

An important and challenging problem for IT Administrators to maneuver around is managing administrative privileges on the desktop. Many applications that are developed in-house as well as some commercial products, such as Visual Studio, require running the application as an administrator. If the user doesn't have administrative privileges, the application components will not function or even worse, the application will not run at all. A typical situation facing IT administrators is where an end user needs to run such an application and must either grant full local administrative rights to the user account or utilize the native Windows command "RunAS" and provide the administrator password. Allowing users to have administrative rights or exposing the administrator password is risky and creates a less secure environment, which opens the door for desktop problems to occur.

This problem is especially challenging for IT Administrators working for the government as the recent US Government Federal Desktop Core Configuration (FDCC) mandate stipulates that administrative rights cannot be granted to end users and may not be made available on federal desktops and laptops.

Granting administrator rights at the application level and removing privileges from end users is the best approach for optimum desktop security. With this approach, the desktop operates within the least privileges mode except for applications flagged for elevated privileges.

Here's a 70 second video clip demonstrating Viewfinity Elevate Privileges. Feedback is welcome.