Security, Compliance and Productivity with PowerBroker for Desktops

BeyondTrust PowerBroker for Desktops enables organizations to remove administrator rights and allow end-users to run all required Windows applications, processes and ActiveX controls. By eliminating the need to grant administrator rights to end-users, IT departments can create a more secure, compliant and productive environment.

Enable End Users to Work without Administrative Privileges

End-users with administrator rights have long been the Achilles heel of desktop security. These rights can be exploited by malware and users to change standard desktop configuration settings, install unlicensed software and disable other security solutions. However, there is a need to allow end-users to run applications that require administrator rights, and install approved software and ActiveX controls.

Until PowerBroker for Desktops was introduced in 2005, the only way to answer these end-user needs had been to make each user a member of the administrators group and provide them with administrator rights, creating significant security issues. PowerBroker for Desktops solves this dilemma by allowing network administrators to attach permission levels to Windows applications and processes.

PowerBroker for Desktops implements a true Group Policy extension. Simply specify the application and which permissions and privileges should be added to the process token when the application is launched. By setting PowerBroker for Desktops policy, end-users without administrative privileges will be able to run all applications.

PowerBroker for Desktops Enables Organizations to:
• Preserve a standard desktop configuration by allowing users to manage only approved computer settings, such as connecting to local printers
• Achieve compliance with regulatory mandates by configuring all users as standard users, while still allowing users to run approved applications that require admin rights
• Prevent unlicensed software installation by allowing users to install only authorized software
• Reduce data theft by preventing access to private data saved locally by other computer users
• Increase desktop security by reducing the malware attack surface and blocking unauthorized installations
• Implement least privilege by providing only the minimum amount of privileges and permissions necessary for applications to run
• Discover Windows applications that require users to have administrative rights
• Ease the deployment of Windows 7 by solving Application Compatibilities issues
• Centralize control by placing security decisions in the hands of network admins instead of end-users

PowerBroker for Desktops Features

With BeyondTrust PowerBroker for Desktops, organizations control the execution of applications, software installs, ActiveX controls, and system tasks that require elevated or administrative rights—all while keeping the user locked down and preserving the user’s security context.

PowerBroker for Desktops is integrated with Active Directory and applied through Group Policy. Policy is applied by creating rules in the Group Policy Object Editor.

PowerBroker for Desktops Allows Standard Users to:

Run any authorized application that requires administrator privileges
• Off-the-shelf
• 3rd Party developed
• In-house developed
• Software from specified publishers with signed digital certificates

Manually change authorized system level configurations
• Local printers
• System time
• Etc.

Install approved ActiveX Controls
• Installing ActiveX controls and other Internet Explorer components
• Named ActiveX controls
• ActiveX controls from specific URLs
• ActiveX controls from wildcard URLs

Install approved applications
• Self-service software installation points (unmanaged software installs)
• Software installation from specified CDs or DVDs

Additional Features & Functionality
• Operates transparently to the end-user without pop-ups or consent dialogues
• Configure rules by targeting applications, computers and users using standard Group Policy conventions and PowerBroker for Desktops filters
• Authorize on-demand user initiated elevation, to help manage traveling laptop users, developers, and others that need more flexibility.
• Log application execution information including privileges and permissions, as well as when PowerBroker for Desktops rules are executed for auditing
• Manage admin rights on file system browsing within targeted application
• Set Vista and Windows 7 integrity levels for any application, to provide additional protection from potentially damaging system changes
• Supports Windows 2000, XP, Server 2003/2008, Vista, 7, and Windows 64-bit platforms