Policy Management and Enhancing the End User Experience

When managing policies for standard users, it’s important to automate the process as much as possible. Viewfinity Privilege Management is the only product on the market that automatically scans a Windows environment and intelligently identifies common privilege needs across the user base within an organization. This scanning and collection process automatically aggregates the common privilege needs and creates a single policy for a collective group of users.

This is an enormous time and management savings to all companies. Enterprises can expect the number of policies that need to be created and managed are decreased by a order of magnitude with our automated policy aggregation method.

Having the ability to organize policies in a logical manner is important on many levels. It helps save time, reduces the chance of error, and provides an enterprise-wide view of what policies are being managed. Because the arrangement offered in Windows Outlook is familiar to most, we provide this “Inbox” style of folder organization. It provides an easy and fast method for moving events and policies to predefined policy folders: Elevate, Elevate As Required, Do Not Elevate, Block, etc.

Our intuitive wizard-based interface allows you to configure multi-dimensional policies based upon any combination of groupings, including:

• Applications
• Departments
• Active Directory User/Group
• Connectivity Status (on/off corporate network)
• Time of Day

Policies are completely automated, for example, when one user is moved into a different OU, the policy settings for that OU are immediately effective and enforced for that user's logon credentials.

Try it now for 14 days. You can opt to evaluate the product using our SaaS platform and/or within GPO/Active Directory.

Viewfinity's Privilege Management features provide application-level control and policy customization on the desktop. Setting up policies is easy. There are several methods available for customizing how you control your environment:

Display Customized Messages to End Users, Including Customizing Windows 7 UAC Prompts
Viewfinity allows organizations to enhance the end user’s experience by customizing the messages that are displayed to end users related to policy execution, Policy Automation or upon access to an end user’s activity recording journal, screen capture and Remote Terminal. This extends to customizing the Windows 7 UAC dialog box. You can elect to replace the Windows UAC dialog box with a customized Viewfinity dialog box so the user can enter a business justification for using this particular application. Or you can suppress the UAC prompt all together. Viewfinity user dialogs support extensive customization including company logos, URL, custom text and more.

Scripts:
In addition to the built-in capabilities that are available, IT administrators may develop custom scripts to control various aspects of their desktop environment.

Policy Export/Import:
Viewfinity provides the ability to import and/or export policies, in XML format, for backup and other purposes. The import/export functionality is ideal for pilot programs where policies are setup in a test environment and once the testing is completed, the proven policies can be exported into a production environment.

Advanced Policies:
Application Group Policies are designed to handle the majority of cases by using broad, generalized rules. Specific exceptions to these, or highly granular rules, can be defined and handled in advanced policies. Advanced policies allow you to custom tailor the policy to the exact needs, without interrupting the more generalized workflow establish by application group policies. Further customization on the behavior and presentation of the Viewfinity agent can be achieved by changing the settings, using advanced targeting and customizing the dialogs & messages.

Custom Policy Groups:
We offer the option to create custom groups for policies and organize them by criteria such as location, department, job function, and more. For example, a custom policy group can be created to manage policies for non-domain guest users and managed as another OU through the GPO editor. However your organization is structured, groups can be created to mirror that model and organized within Outlook-style folders.

Application Groups:
Policies can be enforced on a single application, executable or a group of applications. By enforcing policies on a group of applications, administrators can significantly reduce the number of required policies. For example, you can create an application group that blocks applications related to “Peer to Peer clients” and include in this group any application which falls into this category. Viewfinity automatically collects software inventory information from all computers -- there is no need for administrators to collect information on executables that they want to block. Simply open the global software inventory list, build an application group, and apply policy Block or Elevate to the application group. By applying a policy to a group of applications instead of establishing individual policies for executables, the number of policies can be kept at a minimum.

Policy Scheduling, Immediate Updates and Setting Policy Expiration Dates:
In general polices updates take place immediately, assuming there is connectivity between the client and server. In some cases an administrator may want to schedule activation/updates for policies, which can be done via the Viewfinity console. However, if an administrator or client wants to apply policy updates immediately without waiting for the prescheduled policy update time, an Administrator can force a policy update. Also, a client can force a policy update from his/her PC.

Viewfinity provides several activation/deactivation options for managing policies, requiring less manual intervention when maintaining policies. For example, when a remote worker requires access to install a local printer or ActiveX control from a specific vendor site, the Administrator can create a policy that is active for the next 24 hours only. When the 24 hour period expires the policy deactivates itself automatically. In addition, policies can be made location aware. For example, a policy is created to Block an application based on the end-user’s connection location. In this example the application will run if they are connected from within the corporate network but blocked if outside the firewall.

Policy Templates:
Viewfinity provides a number of policy templates to help you with your initial testing and policy creation. Using one of our predefined templates, simply edit the policy to meet your needs and assign it to a specific computer, user or group. Example templates include: allow ActiveX installations, Block Applications, Run applications with elevated permissions, Run Administrative Tasks with elevated permissions, as well as many others.

Approval Required For Requests to Elevate Permissions
When an end-user tries to run a particular application or perform a task that requires elevated permissions, the Viewfinity Agent automatically detects this and opens a dialog box where the user can enter his business justification for using this particular application.

The Viewfinity agent routes the request to the IT Administrator via the Viewfinity Console, or by way of a report or an email. The IT Administrator can approve and activate the policy and elevate the privilege on the fly. Prior to approval, the IT Administrator can review the business justification provided by the end user as well as information about applications or task from the computer/user that initiated the request. Information related to Applications, ActiveX, Administrative Task, Scripts, etc. is automatically collected during the Policy Automation process. Policies are automatically created without manual intervention. End users receive email notification when the policy has been created.

Viewfinity products provide delegated management control to support the needs of your various IT roles and staff members. The primary Viewfinity Administrator account has authorization to manage all computers in the organization. This primary account can create separate computer subsets based on departments, regions, and other criteria and assign management control of these subsets to specific individuals. Each subset administrator can deploy agents, apply policies, and report on computers which fall under his/her management.

Viewfinity supports two levels of system management accounts. Full control system management accounts have complete access to product features such as the ability to create, stop, start, and modify policies; deploy agents and monitor activity. Read only accounts are targeted for subset administrators which require “review only access” including activities such as viewing reports and monitoring policy and asset management reports, reviewing computer connectivity status, etc.

Flexible Implementation Methodologies

Viewfinity Privilege Management can be implemented through our SaaS/Cloud platform or via your on-premise servers as a private cloud, or as an extension to Group Policy, enabling policies to be managed through the standard Group Policy Management tools.

Discover Desktops with Administrator Rights

The Viewfinity Local Admin Discovery is a free tool that allows you to discover user accounts and groups that are members of the local “Administrators” built-in user group on computers in your Windows domain. Learn more about this tool and how to download it.