Windows & Interoperability: Avecto Privilege Guard Helps Corporations Lock Down and Simplify Windows Workstations
Avecto Privilege Guard Helps Corporations Lock Down and Simplify Windows Workstations
by Andrew Garcia
New Application Groups
Administrators create Application Groups that include executables, applets, packages and scripts that require permission elevation to run or install successfully on the locked-down user's desktop.
After creating an Application Group, administrators apply messaging and choose the actions Privilege Guard should take.
From the Group Policy or Local Policy editor, administrators can apply created application rules to appropriate users, groups or OUs.
Administrators create a messaging object, replete with caption, header, body text and image. That object gets applied to application rules.
The customized messaging seemed a little warped, as the logo was surprisingly oversized. Also, I found customized messaging sometimes greatly slowed the user experience.
The local Windows Event Viewer captures Privilege Guard actions. These events can be forwarded to a central repository via SOAP-based WINRM.
Privilege Guard can thwart some backdoor privilege escalation tricks. Here, I block escalation of access to Windows Explorer through an elevated application's File/Save dialog box.
Administrators can set time restriction enforcement policies, for instance to only allow privilege escalation during work hours.