I found that Viewfinity offers an easy-to-use, Web-based management console, which is laid out in dashboard fashion. Here, it was pretty easy to determine what to do. For example, if I wanted to control administrative privileges for a group of PCs or users, I could simply select from the "Policies" menu and then select "Create policy," which would offer me some choices, such as "Elevate privileges," "Application policy" or "Computer policy." With "Elevate privileges" I was presented with choices from which to create rules for the privilege set, such as "Run application with administrative privileges" or "Permit ActiveX control installation," and so on.That granularity fits well with the preferred security concept of locking everything down and only allowing access to what is required. Viewfinity offers a plethora of policy controls that can be combined, grouped and assigned in multiple fashions. That level of flexibility allows administrators to create complex policies that span several administrative privileges on a PC. That bodes well for those trying to meet regulatory compliance requirements, such as HIPAA (Health Insurance Portability and Accountability Act), FDCC, PCI or the Sarbanes-Oxley Act, which encompass access controls and the control of sensitive information. Ideally, an administrator can fully lock down a PC or server and create policies that allow users to accomplish tasks that relate directly to their business functions, eliminating possible breaches. However, most administrators have eschewed the complete lockdown approach in favor of leaving everything open and closing down access to critical functions or applications-why? Simply because it is much easier to use that approach and avoid the complexity of OS native policy creation utilities. For administrators, leaving things open may be easier, but it is an invitation to a security breach. Therein lies the biggest value of Viewfinity, which offers an effective methodology for locking down PCs and servers, without creating an administrative nightmare. Of course, there is a lot more to privilege management than policy creation; there are also enforcement, auditing and asset management elements. Viewfinity addresses each of those in a unique fashion. First and foremost is enforcement. Viewfinity relies on an installed client application to handle enforcement, a methodology that creates some questions-such as whether that client application can be disabled or tricked. Viewfinity has designed its client application to run persistently and prevent anyone lacking full administrative privileges from making any changes to the client. Viewfinity also offers comprehensive auditing reporting, which lets administrators create full audit reports identifying who has what privileges. Auditing goes one step further to record activity, access attempts and dependencies required by applications and processes. Viewfinity further simplifies management with a comprehensive inventory component, which automatically discovers attached systems and inventories the operating systems, applications, settings and most other elements associated with a PC or server. That information is used to populate many of the policy definition tables, so that administrators are always working with the latest software environment on a subject system. Inventory information is also used to populate reports, define relationships and track changes, allowing Viewfinity to fit into a change management solution for managed PCs and servers on the network.
The rule selection can get very granular, allowing administrators to fine-tune access and control policies. Administrators also have the option of creating policies based upon specific applications or specific computers. Application policies that control privileges can be very useful. Take for example a situation that requires an application to have access to certain low-level OS functions. Let's say it is an application that uses an ActiveX control-normally, you may want to lock down access to that control to prevent a breach. With Viewfinity, you can grant temporary privileges to the application, allowing access to the normally locked-down ActiveX control, so the application can function properly, while the level of security remains high.