Privilege Manager earns administrators' trust

GCN Lab Review

By Vincent Bishop and Earl Greer, Special to GCN

Network managers want to have their cake and eat it, too. Basically, we want to protect our users from malware by not giving them administrator rights, yet we know we have to give them these rights to run the programs they need to do their jobs.

With Vista, Microsoft introduced User Access Control, which prompts users to grant themselves the necessary rights to run specific applications.

This works fairly well for home users, but it allows users in enterprise environments to accidentally approve malware, potentially infecting entire networks.

BeyondTrust Privilege Manager lets a network manager set policies that automatically elevate permissions for approved programs on client computers. It also provides an interface integrated with Microsoft’s Group Policy Management Console (GPMC) to create and manage those policies. BeyondTrust elevates permissions only when a previously specified application is run.

Getting started

The information provided with the software states that policies can be developed and validated on a single computer, then manually moved to an Active Directory domain at the appropriate time.

Because the management software must be installed on a computer used to edit Group Policy Objects, we decided to install the Privilege Manager on a laptop PC running Windows XP Professional. The Privilege Manager can integrate with Windows’ GPMC, so we first attempted to install GPMC on the laptop.

But the install program balked, saying we had to install Microsoft .NET Framework.

This was a surprise, because .NET Framework Versions 2.0 and 3.0 were already on the laptop. After some head-scratching, we discovered that GPMC has to run on Version 1.1 of .NET Framework. We hope Microsoft will clarify the error message.

With GPMC running, we installed BeyondTrust from a single file. After rebooting, we found no heavy management console executable, only a small administrative plug-in to the GPMC. The client install executable automatically appeared on our management computer during the brief installation process, so we used it to install the client on a user’s Windows Vista computer.

The client installation took less than two minutes, plus time for a reboot. The client installs as a driver — there is no tray icon, and the user should not be aware that the client is running. We noticed no degradation in performance. We installed the client on Vista and Windows XP machines, but it also works on Windows Server 2003 and Windows 2000.


