Viewfinity GPO 4.0 – GA Spring 2012
Viewfinity’s 4.0 version marks the tipping point for broad adoption of endpoint lockdown, thanks to our breakthrough automated method for managing administrative rights. With this new level of automation, there is no reason for users to have administrative rights.
Here is a summary of what’s new in the current 4.0 GPO snap-in version:
Ease of Use - Policy Organization
Policies are organized in a logical manner, which saves time, reduces the chance of error, and provides an enterprise-wide view of what policies are being managed. Because the arrangement offered in Windows Outlook is familiar to most, we provide an “Inbox” style folder organization. Events are categorized into predefined policy folders: Elevate, Elevate As Required, Do Not Elevate, and Block.
Elevated Rights As Required
Selectively elevates rights only for those applications that truly require administrative rights. This option is used when a company wants to elevate all applications signed by a specific software publisher that require administrative rights, but not those applications that do not require elevated rights. For example, Microsoft’s Notepad does not require admin rights, so Viewfinity would not elevate privileges for Notepad; it would remain locked down. As another example, this “only as required” technique can be applied to elevate all applications signed by Google that require admin rights, such as browser toolbars, while eliminating exposure to the security loophole that occurs when elevated permissions are granted to an application that does not require them, such as the Google browser.
Control and Manage Policy Proliferation
Provides the ability to aggregate privilege policies based on similar user needs, so the number of policies that need to be managed is reduced by an order of magnitude. The product intelligently scans a Windows environment, identifies common user privilege needs across the organization, automatically aggregates these needs, and creates a single policy for a collective group of users.
Privilege Control for Data
Extends our privilege management policies to control permissions on shares, folders, files and the registry. Privilege Data Control Policies allow administrators to centrally control client file and registry access permissions. Combining a strict data access restriction via a policy with Viewfinity's elevation control will ensure maximum security for your organization.
Built-in Agent Protection
Viewfinity built an extra layer of protection into the Viewfinity agent in order to protect Viewfinity files, policies and the agent from malicious attacks. Viewfinity agent files are automatically encrypted and cannot be edited when accessed inside the corporate network or when policies are cached offline. Elevated processes cannot be used to modify Viewfinity agent files, folders, or registry entries. No manual intervention is required to protect the operating system from elevated processes. The policy files and all other Viewfinity files cannot be modified even if the Viewfinity software is disabled (e.g. boot from CD).
Policy Reporting
New Dashboard and Audit reports such as Summary of Active/Inactive Policies, Policy Usage, Policy Automation, and Policy Change History Summary are now available.
Advanced Policies
Application Group Policies are designed to handle the majority of cases by using broad, generalized rules. Specific exceptions to these, or highly granular rules, can be defined and handled in advanced policies. Advanced policies allow you to tailor the policy to your exact needs without interrupting the more generalized workflow established by application group policies. Further customization of the behavior and presentation of the Viewfinity agent can be achieved by changing the settings, using advanced targeting, and customizing the dialogs and messages.
Viewfinity Privilege Management for Servers
We have decoupled the server capabilities from the flagship product and the product is now available as two individual offerings: (1) Privilege Management for Endpoints; and (2) Privilege Management for Servers.
End-User Customization/UI
Viewfinity provides very flexible end-user dialog boxes and balloons which can be branded to specific company requirements. This includes the ability to suppress the native Windows UAC dialog box and replace it with customized Viewfinity dialog boxes. End-user UI messages can be customized to include company logo, URL, email, rich text and variables.
Policy Revision History
In organizations where multiple administrators are managing policies, we provide the ability to audit and track who has made policy changes such as policy settings updates, policy creation, removal, etc.
Video Audit
Viewfinity’s Video Audit feature provides an option to capture a screen-recorded video of user activity based upon a particular application or policy. IT Administrators can gain an understanding of how particular applications are being used by end users. IT Administrators can elect to record user actions based upon specific policies and/or applications. This feature has widespread applicability and appeal considering the type of information that can be recorded and used for policy auditing purposes. For example, you can monitor a user session during which the user has elevated permissions to install an application for troubleshooting purposes, or it can be used for monitoring suspicious user activity.