Block/Whitelist
Overview
Each organization has list of known applications which they do not want installed on its corporate desktops. In some cases, IT may want to permanently prevent users from installing certain applications, while for other applications, blocking the execution of an application may be a temporary measure. In order to stop unwanted software installations, some organizations opt to completely lockdown its desktops.
Migrating to Windows 7? Thinking about Locking Down Your Desktops?
Do it the right way.
Some departments and/or jobs, such as customer service areas or bank tellers, only need very limited applications in order to perform their daily job tasks effectively. Viewfinity can be configured to support a "white list only" model so that only approved software can be installed and/or executed. For example, when a teller or customer service representative logs in, his/her desktop is configured to only present and run the applications that are required for them to work. Other standard desktop applications are not available — no games, IM, iTunes, and other prohibited applications are visible.
What have the experts learned about locking down desktops? David Chernicoff, Microsoft MVP shares what he’s learned as well as knowledge shared with him regarding The Top 10 Best Practices for Locking Down Corporate PCs.
Our white listing capabilities provide a single point solution which can be applied to all staff, regardless of worker location, and is in effect regardless of connection status. This model helps IT because it ultimately cuts down on end user support incidents, thereby saving both time and money for enterprises. Review our use case for this feature.
Try it now for 14 days. You can opt to evaluate the product using our SaaS platform and/or within GPO/Active Directory.
Privilege management and application control tools can also be used together as a compensating control for giving users administrative rights, and this would have value for both locked and unlocked users, because some applications don't require administrative rights to install.
Gartner: The Cost of Removing Administrative Rights for the Wrong Users
27 April 2011 | Terrence Cosgrove
Configuring Compliance Policies for Users and Groups
Using Viewfinity, the IT Administrator may establish policies that identify applications (and applications can be placed into groups for simplified management) that should be blocked from executing on corporate desktops and laptops. For example, the Brokerage division has a specific policy that prohibits any Instant Messaging software form executing. Viewfinity automatically enforces this policy for members of the Brokerage group/OU, ensuring that these PCs are intact with corporate compliance regulations. For easier management, policies can be set to control software that you may wish to group together such as Skype, ICQ, Yahoo Messenger, AOL, etc. Policies can also be flagged to unblock usage of specific applications while the end user is not connected to the corporate network.
Viewfinity group policies are completely automated and will update an individual's policy settings simply by moving an end user's profile from one group to another. An example of this would be if an individual contributor is promoted into a management position. The IT administrator simply moves that user's profile into the OU within Active Directory for that department, and any new applications and/or data that should be visible to him at the management level are automatically made available on his desktop.
For industries that are governed by mandated regulations, such as HIPAA, SOX, FISMA Compliance and others, our product helps IT administrator enforce compliance policies through its flexible, multi-dimensional policy creation capabilities. Our privilege management policies can be updated/propagated even when the laptop is not connected to the corporate network ensuring that all compliance rules are strictly enforced at the endpoint level. Please refer to our reports page for more information on the type of reports and audit trails that are available to track compliance.
Flexible Application Policies for Mobile Workers
Because of our underlying technology, Viewfinity is able to provide far more advanced capabilities than traditional tools. For example, Viewfinity provides flexible control over the "availability" of applications on laptops so that certain applications can only be used when the device is not connected to the corporate network. Through our automated policy management, IT administrators establish rules that correspond to application usage depending on the laptop's connectivity status. For example, IT may decide to block the use of Instant Messengers for connected clients and then automatically disable this policy once the laptop has disconnected from corporate network.
Flexible Implementation Methodologies
Viewfinity Privilege Management can be implemented through our SaaS/Cloud platform or via your on-premise
servers as a private cloud, or as an extension to Group Policy, enabling policies to be managed through the standard
Group Policy Management tools.
Discover Desktops with Administrator Rights
The Viewfinity Local Admin Discovery is a free tool that allows you to discover user accounts and groups that are members of the local “Administrators” built-in user group on computers in your Windows domain. Learn more about this tool and how to download it.