PowerBroker Servers:
Unix & Linux Privilege Management + Active Directory Bridging

Achieve compliance and improve efficiency in Unix, Linux and Mac environments by implementing root account privilege and session management, integrating open systems into Active Directory, and utilizing Group Policy for consistent configuration management. Replace sudo in heavily regulated environments.

Unix and Linux Compliance in the Data Center or the Cloud

PowerBroker Servers enables IT organizations to implement privileged access policy across Unix, Linux and Mac environments, while centralizing management through Microsoft Active Directory and achieving consistent configuration with Group Policy. This centralized approach to managing privileged access in the virtual datacenter reduces complexity and cost, provides a secure alternative to sudo, and helps IT more efficiently demonstrate compliance.

  • Enable users to perform specified administrative tasks without disclosing passwords
  • Record and index all sessions for quick discovery during audits
  • Enable users to leverage their AD credentials to access Unix, Linux or Mac systems
  • Attain consistent configuration by extending native group policy management tools to include settings for Unix, Linux and Mac
  • Consolidate directories to simplify management of complex environments
  • Leverage across more than 30 different Unix & Linux platforms
Unix and Linux Server Privilege Management

“With PowerBroker, we have better user engagement/ experience for our customers, along with better security.”

Director of Site operations, XING
[Read the Case Study]
Rely on Secure, Compliant Privilege Delegation
Delegate privileges more securely than with sudo, without disclosing the root password on Unix, Linux, and Mac OS X platforms. Monitor sessions with DVR-style recording for a complete audit trail.

Extend Group Policy to Achieve Compliance
Enable consistent configuration enterprise-wide by extending native Group Policy management tools to include specific group policy settings for Unix, Linux and Mac. Supports compliance with SOX, PCI, HIPAA, and other regulations across all systems by replacing NIS with an Active Directory infrastructure.
Leverage AD for Authentication and Authorization
Centralize authentication and authorization to enable users to log into Unix, Linux, or Mac systems using their Active Directory usernames and passwords. A single password policy set in Active Directory applies to all joined systems, including Kerberos SSO to SAP, Siebel, and other key enterprise applications.
Consolidate or Migrate Directories
Facilitate migration from multiple authentication mechanisms, identities, and directories to a single Active Directory-based infrastructure for all systems and users. This centralizes control and speeds user onboarding and offboarding. PowerBroker Identity Services provides a pluggable framework with an interface similar to Microsoft's Management Console on Linux or Mac OS X.


  • Empower administrators: Provides a single, familiar tool set to manage both Windows and Unix systems.
  • Replace sudo: Granularly controls user access to programs, files, and directories as well as brokering system tasks, without sudo.
  • Robust: Supports flexible integration scenarios with Active Directory and other directory services, from basic authentication enablement to storage and lookup of PowerBroker policy data.


  • Secure logging: Centralized log data facilitates controlled access to session activity information.
  • Simplify policy management: Centralized policy store enables a single control point for managing user privileges.


  • Achieve compliance: Quickly meets access/authorization regulations as described in SOX, HIPAA, GLBA, PCI DSS, FDCC and FISMA.
  • Group policy: Enables one-to-many management of Unix, Linux, and Mac OS X configuration settings.
  • Track activity: Time-stamped logs for every administrative, user-level, and application activity ensures that no suspicious activity goes unnoticed.


PowerBroker Servers Enterprise

PowerBroker Servers Enterprise

Download this overview document containing capabilities, highlights and competitive advantages of PowerBroker Servers Enterprise. PowerBroker Servers Enterprise enables centralized management of your Linux and Unix users, groups and computers with powerful integration with Microsoft Active Directory. PowerBroker protects against intentional or accidental misuse of privilege that would otherwise allow insiders and hackers to facilitate attacks executing privileged commands.

Case Study

XING Case Study

XING Improves Security and Transparency of Access Rights with PowerBroker

Read this Case Study of Xing's implementation PowerBroker Servers. XING is a social network for business professionals. With PowerBroker they improved overall security, supported an increase in the level of privileged accounts and enabled a less time-consuming process.

Case Study

A Smooth Road to Compliance for a Large Health Plan

A Smooth Road to Compliance for a Large Health Plan

As a Unix shop, this large health company also needed a solution that could perform the deep, credentialed scans required for real protection from vulnerabilities, while also protecting the system’s root password.

Your Data Security Strategy Starts with Deploying a Least Privilege Model (part 2 of 2)


In last week’s blog, we talked about how controls and accountability must be put into place so that only the right folks can access data and the systems on which that data resides, and that employing a least privilege model helps to achieve that and more. We’re using conclusions and data from a recent report... more

Getting Least Privilege Right on Windows


Windows doesn’t make least privilege easy Enforcing least-privilege access policies on Windows has never been easy – especially given some fundamental flaws have haunted the OS since the mid-1990s. Consider the following permissions issues: Windows 95 and 98 had a logon screen and could even be joined to the domain, but users could bypass the prompt... more

Accelerate and Simplify Deployment of PowerBroker Privilege Management Solutions with Oracle VM Templates


On April 17th, Oracle and BeyondTrust experts Doan Nguyen and Paul Harper shared how leveraging Oracle VM Templates can automate and simplify the deployment of the PowerBroker for UNIX & Linux privilege management solution across your IT environment. See below for an embedded, on-demand recording of the webcast. Oracle and BeyondTrust Team Up The partnership... more

PowerBroker for Unix & Linux Now Available via Web Services


This week BeyondTrust released a fully functional Web Services interface (REST API) for its PowerBroker for Unix & Linux product.  With this new feature users of the solution will now be able to remotely and securely configure and retrieve data via the API.  The Web Services interface implemented by BeyondTrust is an industry standard that... more

The 5 Things Every Linux Administrator Should (and Should Not) Do When It Comes to Privileged Account Management


When it comes to privileged account management the list of things an administrator can do to protect their environment is seemingly never ending. Last week we hosted a webinar with Oracle Linux and presented a list of 5 things every Linux administrator should, and should not, do when managing privileged accounts. Given the current security... more

Privilege gone wild! Our latest survey finds privileged users are out of control.


Did you know that 40% of employees have unnecessary access rights? What about that over 25% of employees admitted to having retrieved information not relevant to their job like financial, reports, salary info, HR and personnel docs? Now have I caught your attention? As our latest security survey proves, insider threats continue to be a... more

Our Newest Product Release: PowerBroker Identity Services 7.5


We are very excited for the announcement of our latest release of PowerBroker Identity Services 7.5, the industry’s most effective solution for bridging Linux, UNIX and Mac OS X assets into Active Directory. This latest update provides the strongest communications encryption to date, as well as the utmost flexibility with regards to event notification and management.... more

Think You’re Safe from Internal Threats? The NSA Breach Will Make You Think Twice.


When reading a recent article in the USA Today about how Edward Snowden, a former Booz Allen Hamilton employee and NSA contractor, was able to steal sensitive data via non-specific vectors, I was reminded of the illusion that threats are predominately external to organizations. Even though we might not know exactly how Snowden was able to... more

BeyondTrust & Oracle, The Perfect Partnership


No one will dispute that Oracle is a heavyweight when it comes to the relational database market, but Oracle is far more than a one trick pony.  Oracle has a plethora of enterprise products and hardware solutions that will fit the needs of almost any business.  However the key to success for many of the... more

sudo authentication bypass when clock is reset


A recent discovery by a German researcher, Marco Schoepl, found that it is possible for a user to bypass sudo authentication by resetting the clock. To read more about this vulnerability see the articles on and What we have found is that many highly secure customers have already adopted the timestamp_timeout=0 setting which... more

See all PowerBroker Servers Enterprise blog posts

VMware Plug-in for Retina

The industry's first and only vulnerability management solution directly integrated into vCenter.


Retina CS Enterprise Vulnerability Management

Delivers large-scale, cross-platform vulnerability assessment and remediation, with available configuration compliance, patch management and compliance reporting.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Cofiguration Compliance Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More

Retina CS Enterprise Vulnerability Management

The Patch Management Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More

Retina CS Enterprise Vulnerability Management

The Regulatory Reporting Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More

Retina Network Security Scanner

Integrated network, web & virtual vulnerability assessment. Retina is the security industry’s most respected and industry-validated security scanner and serves as the engine for our vulnerability management solutions. There is no better option for securing your network from vulnerabilities.

Learn More

Retina Web Security Scanner

Rapidly and accurately scan large, complex web sites and web applications to tackle web-based vulnerabilities including cross-site scripting (XSS) and SQL injection.

Learn More

PowerBroker Event Vault

Automate and streamline the collection and management of standard Windows event log data and provide scalable and flexible centralized storage in the PowerBroker event database.

Learn More

PowerBroker Identity Services

Quickly and easily integrate your Unix and Linux servers into your Active Directory infrastructure.

Learn More

PowerBroker Identity Services Open Edition

Available as a free and open source version of PowerBroker Identity Services, giving you the access and flexibility to tailor your Active Directory bridging project

Download Now

PowerBroker for Unix & Linux

Quickly and easily manage root access on Unix and Linux servers, without ever disclosing the system password.

Learn More Request a Free Trial

PowerBroker for Sudo

Centralized policy, logging and version control for sudo activities.

Learn More Request a Free Trial

PowerBroker for Mac

Enable standard users on Mac OS X to perform administrative tasks successfully without entering elevated credentials.

Learn More Request a Free Trial

PowerBroker for Windows

Implement least privilege for your Windows desktop environment, reducing attack surface and driving down costs.

Learn More Request a Free Trial

PowerBroker Auditor
for Active Directory

Track unauthorized changes to Active Directory and Group Policy configurations.

Learn More Request a Free Trial

PowerBroker Auditor
for Exchange

Tracks and reports all changes made to all Exchange Server configurations, groups, mailbox policies, information store changes, and permissions in a centralized audit log.

Learn More Request a Free Trial

PowerBroker Auditor
for File System

Enables tighter security and control over file system resources, including real-time tracking, interactive analysis, and flexible reporting on all key share, file, and folder changes.

Learn More Request a Free Trial

PowerBroker Auditor
for SQL Server

Monitor and review privileged user changes on SQL servers. Easily map your SQL activities with regulatory mandates such as GLBA, SOX, HIPAA, and PCI through consistent auditing and reporting.

Learn More Request a Free Trial

PowerBroker Privilege Explorer

Provides a centralized view of access and privileges, so you can be sure that users have access to the resources they need to do their jobs, and only those resources.

Learn More Request a Free Trial

PowerBroker Endpoint Protection Platform

Formerly known as "Blink", multi-layered security and attack prevention for windows desktops and servers.

Learn More Request a Free Trial

PowerBroker Recovery
for Active Directory

Advanced continuous data protection for Active Directory, providing unparalleled visibility and change control.

Learn More Request a Free Trial

PowerBroker Servers Enterprise

Combine the power of our Unix/Linux root delegation and our AD bridging for an enterprise approach to server compliance

Learn More Request a Free Trial

PowerBroker Password Safe

Automate Password Management for Increased Security across your entire dynamic infrastructure.

Learn More Request a Free Trial


A cloud-based, external vulnerability assessment solution that conducts fast, affordable security assessments of your public-facing network infrastructure and web applications.

Learn More Request a Free Trial


Merge privileged account management and vulnerability management solutions into a single, contextual lens through which to view and address user and asset risk.

Learn More Request a Free Trial

Retina Protection Agent

Close the security gap created by systems that can't be reached with remote vulnerability assessments alone with this lightweight agent for local vulnerability assessment, continuous zero-day vulnerability monitoring, and intrusion prevention.

Learn More

Configuration Compliance Module

This Retina CS add-on module defines and manages security policies to monitor compliance with industry and internally developed benchmarks such as Microsoft, NIST, USBCG, and DISA STIGs.

Learn More

Patch Management Module

This Retina CS add-on module seamlessly integrated, automated, agentless Windows patch management closes the loop on unpatched vulnerabilities.

Learn More

Regulatory Reporting Module

This Retina CS add-on module contains automated solutions to help navigate complex corporate policies, government regulations, and industry standards such as SOX, PCI, FISMA, and ISO.

Learn More

BeyondInsight Built-In

PowerBroker Servers Enterprise is part of the BeyondInsight IT Risk Management Platform, which unifies PowerBroker privileged account management solutions with Retina CS Enterprise Vulnerability Management. Capabilities include:

  • Centralized solution management and control via common dashboards
  • Asset discovery, profiling and grouping
  • Reporting and analytics
  • Workflow and ticketing
  • Data sharing between Retina and PowerBroker solutions

The result is a fusion of user and asset intelligence that allows IT and security teams to collectively reduce risk across complex environments.

PowerBroker Servers Enterprise

Vulnerability Management

Identifying, prioritizing, remediating, and mitigating
computer and network vulnerabilities.

Privileged Account Management

Managing user authorization to prevent internal data
breaches and meet compliance regulations.

PAM & VM For
Stronger IT Security