Viewfinity Home
Products
 
Systems Management
Privilege Management
Elevate Privileges
Application Lockdown
Block/Whitelist
Policy Management
Activity Auditing
User Migration
What We Do


Try It Now!
 

Elevate Privileges

Overview

Granting Administrative Privileges to Standard Users

Certain Windows applications and desktop functions require local administrative privileges in order to run and function properly on a desktop or laptop. Granting Full Administrator Rights creates a less secure desktop environment and opens the door for malicious hackers and viruses, thus organizations consider granting Administrator Rights to standard users to be risky. It also breaches compliance regulations posed by the Sarbanes-Oxley Act and HIPAA. Additionally, the US Government Federal Desktop Core Configuration (FDCC) mandate stipulates that administrative rights cannot be granted to end users and may not be made available on federal desktops and laptops.

Watch video clip Try It Free

How It Works

Viewfinity elevates administrative rights for certain processes or applications rather than at the user account level. When permissions are raised, the elevation is performed directly within the security token of the specific user process. The application or process is started using the current user credentials as opposed to using RUN AS which needs the Administrative account in order to raise privileges. The RUN AS method potentially introduces security risks and issues for changes that are written into current user registry.

Is flexible lockdown really possible? Darren Mar-Elia, Microsoft Group Policy MVP, shares his top 10 tips & tricks related to desktop lockdown in this two-page checklist.

Try it now for 14 days. In four easy steps and in less than ten minutes, the software can be installed and ready for evaluation.

Not sure which product is best for your needs? View our side-by-side comparison of all features.

Real-time Privilege Elevation

All elevation rules are applied in a real time and do not require users to cycle through the log on process. Viewfinity doesn't require desktops to be part of the domain or to be attached to the corporate network in order for privilege elevation policies to be delivered. Reports can be used to monitor the status of polices being applied.

ActiveX Controls

Another restriction imposed in least privilege environments is the inability for non-administrative users to install approved ActiveX controls. IT administrators may continue to operate endpoint devices in a least privileges mode and use Viewfinity Elevate Privileges to grant administrative rights for installing:

  • ActiveX controls
  • Signed ActiveX controls
  • ActiveX controls from specific URLs
  • ActiveX controls from specific Publisher and version

Printer Installations

For organizations with locked down environments, trivial end user tasks such as installing or removing printers becomes a burdensome IT support task. Viewfinity Elevate Privileges allows IT administrators to grant permissions for non-administrative users to install and remove printers. IT administrators no long need to get bogged down with requests that an end user should be able to handle without IT intervention.

61% of organizations lock down their desktops
61% of organizations lock down their desktops
Only 12% use a privilege management product
*Survey conducted in Dec 2009, 272 respondents

Granting Administrator Rights for Applications

Viewfinity solves the administrative privileges problem by supporting a locked down least privileges environment that allows IT administrators to have granular control over which desktops and laptops can operate with administrator rights. There is no need to jeopardize your network by granting full privileges to every user just so they can run a business application that requires administrative privileges. With Viewfinity's Elevate Privileges functionality, IT Professionals can manage and assign administrative privilege permissions to specific applications and desktop functions without granting full administrative rights.

Computer Management Functions

Occasionally end users may require administrator rights in order to perform PC service/management functions such as Device Management, Disk Defragmenter, Manage Services and User Accounts & Shares. With Viewfinity these tasks can be run by standard users by elevating administrator privileges to perform the specified management functions.

Support for Mobile Workers

Viewfinity does not require laptops or desktops to be part of the Active Directory domain or to be directly connected to the corporate network in order to activate policies that manage administrator privileges. As soon as the PC connects to the internet, Viewfinity delivers the policies and rules established by the IT Administrator. Once delivered, all policies continue to be enforced even while working offline.

Intelligent Reporting through Policy Auditing

Viewfinity provides detailed reporting on all administrator privilege policies, including an audit trail report that provides confirmation that a policy has been delivered and activated on endpoint devices. This includes validation of policy delivery to mobile and remote users, single or group of computers and/or for a specific application.

 
Next Steps
Interactive DemoBrochuresWhite PapersHow It WorksFeature ComparisonContact Me
 
Rollback | Activity Recording | Elevate Privileges | Application Lockdown | Remote Desktop | Asset Inventory Privacy Policy| Site Map  

Copyright © 2007-2010 Viewfinity, Inc. All rights reserved.