Privilege Management
Better Operations Control through Privilege Management
Viewfinity Privilege Management offers IT administrators a flexible approach for controlling their corporate desktop and
laptop environment. The tighter, yet more flexible, your control over the types of applications and privileges
your distributed workforce is allowed, the more stable your desktop environment becomes.
With this enhanced control over managing your environment,
the number of end user support calls to the help desk is reduced.
Try it now for 14 days. In four easy steps and in less than ten minutes, the software can be installed and ready for evaluation.
Migrating to Windows 7? Thinking about Locking Down Your Desktops?
Do it the right way.
Managing and Elevating Privileges for Otherwise Locked Down PCs
For organizations that lock down their desktops, or that are planning to move to a locked down desktop environment, Viewfinity offers IT administrators the ability to manage administrative rights by desktop function and application. Our Privilege Management features are integrated with Active Directory and allow IT administrators to establish flexible privilege elevation policies for applications and desktop functions requiring administrator rights. Desktops continue to operate in least-privilege mode except for those functions flagged for elevated privileges, such as:
- Applications: Elevate privileges to administrative rights per application, not per user or desktop
- Child Processes: Choose to elevate additional executables or components required by an application to run properly
- ActiveX: Manage permissions for non-administrative users to install ActiveX applications
- Scripts: Elevate privileges to administrative rights per script
- Printers: Manage permissions for non-administrative users to install printers or perform application installations (optional)
- Windows Services: Raise privileges to perform specific administrative functions (Device Management, Disk Defragmenter, Manage Services and User Accounts & Shares)
- GPO/Active Directory: Option to implement as an extension to Group Policy and manage through standard Group Policy Management tools
Privilege management and application control tools can also be used
together as a compensating control for giving users administrative rights, and this would
have value for both locked and unlocked users, because some applications don't require
administrative rights to install.
Gartner: The Cost of Removing Administrative Rights for the Wrong Users
27 April 2011 | Terrence Cosgrove
Viewfinity's Elevate Privileges Capabilities
Granular Level Control
Through the use of automated policy settings, corporate guidelines can be established and applied for multiple dimensions of configurable, logical groupings: departments, applications, end users, connectivity status, time of day and more. Our automated policies, combined with our Privilege Management features, offer a flexible yet secure approach to ensuring all your laptops and desktops automatically adhere to your corporate regulations. Viewfinity also supports an organization's compliance needs as they relate to USGCB/FDCC, PCI Compliance and SOX, as well as other desktop-level control procedures.
By leveraging encapsulation, Viewfinity's Privilege Management features provide application-level control and policy customization on the desktop. Many policies that formerly required complete lockdown can now be enforced without creating excessive limitations on the end user machine.
Example of granular-level elevation control for ActiveX
Automatic Propagation of Privilege Elevation
All elevation rules are applied in real time and do not require users to cycle through the logon process. Viewfinity doesn't require desktops to be part of the domain or to be attached to the corporate network in order for privilege elevation policies to be delivered. Reports can be used to monitor the status of policies being applied.
Support for Mobile Workers
Viewfinity does not require laptops or desktops to be part of the Active Directory domain or to be directly connected to the corporate network in order to activate policies that manage administrator privileges. As soon as the PC connects to the internet, Viewfinity delivers the policies and rules established by the IT Administrator. Once delivered, all policies continue to be enforced even while working offline.
Intelligent Reporting through Policy Auditing
To ensure compliance, Viewfinity has built-in audit reporting that provides automated confirmation of delivery and enforcement of policies. Viewfinity provides detailed reporting on all administrator privilege policies, including an audit trail report that provides confirmation that a policy has been delivered and activated on endpoint devices. This includes validation of policy delivery to mobile and remote users, to a single computer or a group of computers, and/or for a specific application.
Viewfinity Policy Audit and Validation Reports
Viewfinity offers the following Privilege Management features:
Policy Management: Automating Compliance Policies
An effective privilege management tool allows policies to be designed and enforced in a way that achieves
the objectives of the company without creating unnecessary restrictions on the end user.
Viewfinity offers automated policy management that can be customized to meet the needs of any organization.
From automated laptop and desktop power down and pre-scheduled logoff policies, to any capabilities that
require IT administrators to centrally control the operation of laptops and desktops automatically,
our policy management can be flexibly configured to support your environment.
Corporate Compliance Adherence
61% of organizations lock down their desktops
Only 12% use a privilege management product
*Survey conducted in Dec 2009, 272 respondents
Management sets forth regulatory and corporate compliance objectives based on the risks and requirements of the business,
and IT is responsible for enforcing these objectives through rules and policies. IT is also responsible for ensuring compliance
with software licensing agreements, even on machines that are frequently outside of the corporate network.
Due to limitations in available compliance tools, enforcement tactics are often overly restrictive at the desktop level
in order to meet all compliance objectives set forth by the company.
Viewfinity supports an organization's compliance needs as they relate to USGCB/FDCC, PCI Compliance, SOX and HIPAA.
Viewfinity Support for Delegated Security
Viewfinity products provide delegated management control to support the needs of your various IT roles and staff members. The primary Viewfinity Administrator account has authorization to manage all computers in the organization. This primary account can create separate computer subsets based on departments, regions, and other criteria and assign management control of these subsets to specific individuals. Each subset administrator can deploy agents, apply policies, and report on computers which fall under his/her management.
Viewfinity supports two levels of system management accounts. Full control system management accounts have complete access to product features such as the ability to create, stop, start, and modify policies; deploy agents; and monitor activity. Read-only accounts are targeted at subset administrators who require “review only access”, including activities such as viewing reports, monitoring policy and asset management reports, reviewing computer connectivity status, etc.