A growing number of IT organizations are recognizing the power in Group Policy Objects in Microsoft Corp.s Active Directory to better administer and lock down desktops companywide. A handful of vendors are responding by extending Group Policy Objects to give more granular access to rights and privileges.
AutoProf, which has been renamed DesktopStandard Corp., this week will launch its PolicyMaker Application Security utility. The tool allows desktop administrators to specify privileges for certain applications, rather than have to elevate user accounts to administrator status so users can access applications or execute functions such as changing screen resolution or connecting to a printer.
"You want end users restricted as much as possible, but you want to give certain permissions to do things like install a certain printer," said Eric Voskuil, chief technology officer of the Portsmouth, N.H., company. "And there are business applications that require administrator permissions to run. You can set policies to target those scenarios for elevated permissions but otherwise run with normal permissions."
PolicyMaker addresses a security gap within Group Policy that allows administrators to prevent users from running certain applications but does not let administrators change the security policy for those applications. The tool also allows administrators to make granular changes to the access levels and privileges of a targeted applications security token without affecting the access of individual users.
Administrators at VistaPrint USA Inc., of Lexington, Mass., are using PolicyMaker Application Security within the companys call centers, said Nick Duda, senior network administrator.
"In the past, we would just issue your average agent administrative rights. They could do everything on a local computer," Duda said. "Now we modify the permissions so that were giving the application administrator rights, not the user. It keeps users out of places they shouldnt be."
DesktopStandard is among several smaller companies that have extended Active Directorys Group Policy functions to better manage Windows desktops. Quest Software Inc. has released a Group Change Control product and extensions to Group Policy for centrally managing scheduled tasks as well as local user accounts and passwords. In addition, NetIQ Corp. at the end of last year released its Group Policy Administrator offering and by April will integrate its IntelliPolicy for Clients option into it.
Check out eWEEK.coms for the latest news, reviews and analysis about productivity and business solutions.