PowerBroker for Windows: Privilege and Session Management

Manage privileges and control applications on physical and virtual Microsoft® Windows desktops and servers, speeding least-privilege enforcement across all Windows assets.

Innovative Privilege and Session Management for Windows Servers and Desktops

PowerBroker for Windows is a simple, fast and flexible solution for privilege management and application control on physical and virtual Microsoft Windows desktops and servers. It enables you to leverage Active Directory Group Policy or BeyondTrust’s BeyondInsight Web Services to enforce least-privilege policies by eliminating Windows admin privileges, maintaining application access control, and logging privileged activities. As a result, your organization is protected against internal and external threats, including accidental or intentional misuse of privileged access.

  • Eliminate administrative privileges and elevate privileges on an as-needed basis, without exposing passwords or hampering productivity
  • Enforce least-privilege access based on an application’s known vulnerabilities via patent-pending Vulnerability-Based Application Management capabilities
  • Demonstrate compliance and share progress towards meeting audit goals
  • Set policies via Active Directory Group Policy or BeyondInsight Web Services
  • Monitor event logs and file integrity for unauthorized changes
  • Capture keystrokes and screens when rules are triggered, with searchable playback
“PowerBroker for Windows is the perfect solution for our IT needs. No longer are we required to ‘punch holes’ in our security in order to complete certain tasks.” Ian Short, Applications Infrastructure Manager, University of Winchester

BeyondInsight Built-In

PowerBroker for Windows is part of the BeyondInsight IT Risk Management Platform, which unifies PowerBroker privileged account management solutions with Retina CS Enterprise Vulnerability Management. Capabilities include:

  • Centralized solution management and control via common dashboards
  • Asset discovery, profiling and grouping
  • Reporting and analytics
  • Workflow and ticketing
  • Data sharing between Retina and PowerBroker solutions

The result is a fusion of user and asset intelligence that allows IT and security teams to collectively reduce risk across complex environments.


Privilege Management, Made Easy

Grant administrator privileges to applications and tasks, not users, without providing administrator credentials.

Automate Your Way to Better Security and Compliance

PowerBroker for Windows learns what applications and tasks your users run on Windows assets and what privileges are required. Instantly create policies to elevate the right applications and tasks for the right users.

Application Control and Whitelisting

Reduce attack surface, while stopping malware before it is installed by ensuring your users are only running approved applications with the proper privileges.

Integration with BeyondInsight IT Risk Management Platform

Free for all PowerBroker for Windows customers. Advanced features include dynamic asset discovery and targeting, flexible alerting and reporting, advanced analytics, and centralized I/O index and search capabilities.

Why BeyondTrust for Desktop Security

  • Lower desktop support costs 40% or more by removing Admin and implementing least privilege
  • Immediate time to value with extensive reporting, discovery, automated rule generation, and more flexible rules
  • Meet internal and external compliance needs by ensuring all users log on with a standard user account, and monitor their activities with Session Monitoring
  • Eliminate the intentional, accidental, and indirect misuse of privileges on Windows assets
  • Protect from the internal threat by blocking prohibited applications (such as known hacking tools) from ever running
  • Proactively identify applications and tasks that require administrator privileges, before removal of administrator privileges occurs
  • Centrally managed application control and elevation policies for easy auditing and management
  • Monitor, alert or block file system changes, even when users have elevated privileges with File Integrity Monitoring

Retina CS Policy Deployment

PowerBroker for Windows 6.5 can now optionally be deployed from within Retina CS, with no dependency on Group Policy. This allows version 6.5 to support non-AD environments and computers that are not members of a domain.

File Integrity Monitoring

File Integrity Monitoring is a new feature in the 6.5 release that allows organizations to explicitly control what files a user or application can access, even when the app or user is running with admin rights. File Integrity Monitoring allows organizations to monitor, alert and deny changes to directories and files, preventing unwanted or malicious changes to the file system.

Session Monitoring

The latest release of PowerBroker for Windows also includes session monitoring, which allows organizations to go beyond traditional privilege management logging. With Session Monitoring, organizations can capture mouse clicks, keystrokes and screen captures for any process, including processes that are running with administrator privileges.

Modern Look and Feel

BeyondTrust has completely refreshed the user interface for application rule creation to make it more intuitive, easier to use and beautiful to look at. Not only have we improved the network administrator experience, we’ve also provided innovative, new, at-a-glance statistics for rules, right inside the product dashboard.

Related Products

To learn more about our products for securing your virtual environments, select a product area below:

PowerBroker Auditor for Active Directory

Track unauthorized changes to Active Directory and Group Policy configurations

PowerBroker Identity Services

Quickly and easily integrate your Linux and Unix servers into your Active Directory Infrastructure

Retina CS Enterprise Vulnerability Management

Delivers large-scale, cross-platform vulnerability assessment and remediation, with available configuration compliance, patch management and compliance reporting.


  • What's New in Version 6.5
  • PowerBroker for Windows 6.5 - Enhanced User Interface
  • PowerBroker for Windows 6.5 - Risk Compliance
  • File Integrity Monitoring
  • Implementing Least Privilege
  • Session Monitoring
  • A Risk Based Approach to Implementing Least Privilege
  • Benefits of the Retina Platform
  • PowerBroker for Windows Desktop and Server Use Cases