Avecto Privilege Guard Helps Corporations Lock Down and Simplify Windows Workstations

1
2
3
4
5
6
7
8
9
1 of 9

Avecto Privilege Guard Helps Corporations Lock Down and Simplify Windows Workstations

by Andrew Garcia

2 of 9

New Application Groups

Administrators create Application Groups that include executables, applets, packages and scripts that require permission elevation to run or install successfully on the locked-down user's desktop.

3 of 9

Privilege Escalation

After creating an Application Group, administrators apply messaging and choose the actions Privilege Guard should take.

4 of 9

Assigning Policy

From the Group Policy or Local Policy editor, administrators can apply created application rules to appropriate users, groups or OUs.

5 of 9

Customizing Messaging

Administrators create a messaging object, replete with caption, header, body text and image. That object gets applied to application rules.

6 of 9

Customized Message

The customized messaging seemed a little warped, as the logo was surprisingly oversized. Also, I found customized messaging sometimes greatly slowed the user experience.

7 of 9

Logged Escalation

The local Windows Event Viewer captures Privilege Guard actions. These events can be forwarded to a central repository via SOAP-based WINRM.

8 of 9

Privilege Backdoors

Privilege Guard can thwart some backdoor privilege escalation tricks. Here, I block escalation of access to Windows Explorer through an elevated application's File/Save dialog box.

9 of 9

Time Restrictions

Administrators can set time restriction enforcement policies, for instance to only allow privilege escalation during work hours.

Top White Papers and Webcasts