Beyondtrust

PowerBroker for Windows: Privilege and Session Management

Manage privileges and control applications on physical and virtual Microsoft® Windows desktops and servers, speeding least-privilege enforcement across all Windows assets.

Least-Privilege Management for Windows
Servers and Desktops

PowerBroker for Windows is a simple, fast and flexible solution for least-privilege management and application control on physical and virtual Microsoft Windows desktops and servers. It enables you to enforce least-privilege policies by removing administrator privileges from users, enforcing Standard User permissions, maintaining application access control, and logging privileged activities. As a result, your organization is protected against internal and external threats, including accidental or intentional misuse of privileged access.

  • Rely on patented technology that elevates privileges on an as-needed basis, without exposing passwords or hampering productivity
  • Enforce least-privilege access based on an application’s known vulnerabilities via patented Vulnerability-Based Application Management capabilities
  • Demonstrate compliance and share progress towards meeting audit and compliance goals
  • Monitor event logs and file integrity for unauthorized changes to key files and directories
  • Capture keystrokes and screens when rules are triggered; with searchable playback for complete documentation of privileged activity
PowerBroker Windows Events by Risk

PowerBroker Windows: Events by Risk

"PowerBroker for Windows provides a solution that is transparent to users and gives them the ability to do their jobs safely, without administrator rights."

Care New England Keith Lee, End User Support Manager
Care New England
[Read the Case Study]
LEAST-PRIVILEGE MADE SIMPLE
Eliminate the intentional, accidental and indirect misuse of privileges on physical and virtual Microsoft Windows desktops and servers. Block prohibited applications from running and gaining access to Windows assets.
VULNERABILITY-BASED APPLICATION MANAGEMENT (VBAM)
Leverage patented technology to automatically scan applications for vulnerabilities at run time – triggering alerts, reducing application privileges, or preventing launch altogether based on agency or department policy.
ACTIVITY MONITORING FOR ACCOUNTABILITY
Ensure accountability with included Windows Event Log monitoring. Add optional file session monitoring and integrity monitoring for comprehensive auditing, reporting and change control across all privileged activity.
ADVANCED ANALYTICS AND REPORTING
Gain unmatched visibility into Windows user activity with centralized analytic and reporting for executives, auditors, security and operational teams.

LEAST-PRIVILEGE FOR WINDOWS DESKTOPS AND SERVERS

  • Eliminate administrator rights: Prevent intentional, accidental, and indirect misuse of privileges on Windows assets.
  • Block malicious activity: Enforce restrictions on software installation, usage, and OS configuration changes.
  • Ensure compliance: Meet internal and external compliance needs by enforcing least-privilege and monitoring privileged activities.
  • Ensure productivity: Default all users to standard privileges, while enabling elevated privileges for specific applications and tasks without requiring administrative credentials.
  • Protect file systems: Add optional file integrity monitoring to identify, and even deny, unauthorized changes.
  • Record sessions: Add optional session monitoring to capture screens of privileged user activity with keystroke logging to document all privileged changes to an asset.

GRANULAR APPLICATION RISK MANAGEMENT

  • Control application usage: Blacklist hacking tools, whitelist approved applications, and greylist applications based on rules to keep systems safe.
  • Allow Admin where needed: Proactively identify applications and tasks that require administrator privileges – and automatically generate rules for privilege elevation.
  • Leverage Vulnerability-Based Application Management: Scan applications at runtime for vulnerabilities and allow, deny or alter privileges based on regulatory violations, vulnerability severity, and/or vulnerability age – based on the award-winning Retina vulnerability database.
  • Simplify application management: Rules-based approach eliminates the need to manage complex whitelists with thousands of signatures for complete application control.

UNMATCHED VISIBILITY

  • Pinpoint suspicious activity: Monitor Windows Event Logs for anomalies and analyze through BeyondInsight Behavioral Analytics.
  • Maintain awareness: Monitor UAC events, application rules, requested elevations, denied applications, and more.
  • Ensure accountability: Add optional session monitoring for rules-based activity recording, including screenshots and searchable keystroke logs.
  • Understand and communicate risk: Leverage an interactive, roles-based reporting and analytics console, backed by a centralized data warehouse for ongoing audits of privilege management activities.

BUILT FOR EFFICIENCY

  • Gain control over all accounts: Automatically discover and profile all Windows accounts, and quickly bring them under centralized management.
  • Ease policy creation and management: Set policies via Active Directory Group Policy or BeyondInsight Web Services, with support for air-gapped systems and non-domain assets.
  • Ensure adoption and usability: Provide a modern, easy-to-use interface for end-users, plus an innovative dashboard for solution owners.
  • Reduce help desk costs: Lower support costs 40% or more by removing Admin without raising barriers to end-user productivity.

Datasheet

PowerBroker for Windows

PowerBroker for Windows

Download this overview document containing capabilities, highlights and competitive advantages of our PowerBroker for Windows privilege and session management for Microsoft Windows. PowerBroker for Windows is a simple, fast and flexible solution for privilege management and application control on physical and virtual Microsoft® Windows desktops and servers, helping administrators protect against both internal and external threats, including the accidental or intentional misuse of privileged access.

Documentation

PowerBroker for Windows 6.6 New and Updated Features

PowerBroker for Windows 6.6 New and Updated Features

PowerBroker for Windows version 6.6 adds several new features that add business context to security exposures and make it easy to understand, prioritize and communicate privileged access risk within the organization. This document details these features including client localization, tamper protection, IE 11 enhancements and BeyondInsight reporting.

Case Study

Care New England Selects PowerBroker to Secure their Desktop Infrastructure

Care New England Selects PowerBroker to Secure their Desktop Infrastructure

This case study describes how Care New England uses PowerBroker for Windows to support over 4,800 desktops and over 10,000 desktop end users, which includes over 250 applications such as Horizon.

Case Study

FFVA Mutual Insurance  Company

Customer Success Story: FFVA Mutual Insurance Company

This specialty insurance provider needed to eliminate the risks to their enterprise by allowing users administrative privileges. By selecting PowerBroker for Windows with BeyondInsight, the system vulnerabilities were resolved without affecting employee productivity.

White Paper

Application Control: The PowerBroker for Windows Difference

Application Control: The PowerBroker for Windows Difference

Discusses how application control solutions are designed to block the execution of unauthorized applications and how PowerBroker for Windows is the next-generation solution for application control. When integrated with Windows, application privileges are simply controlled with just a few rules.

White Paper

PowerBroker for  Windows: Risk Compliance

PowerBroker for Windows: Risk Compliance

BeyondTrust has developed patent-pending technology to fuse the risk of vulnerable applications, application control, regulatory compliance, and least privilege into the next generation of endpoint security solutions. This fusion addresses the concerns of whitelisting vulnerable applications and can match application privileges and runtime operations to regulatory compliance requirements based on abstract and industry standard risk concepts.

White Paper

Building a Secure and  Compliant Windows Desktop

Building a Secure and Compliant Windows Desktop

Virtually every organization is being compelled to improve client security. Auditors, regulators and business unit owners all recognize the threat unsecured desktops pose, and understand the need to comply with the myriad of regulatory and governance issues that make today’s headlines.

White Paper

Challenges of  Managing Privileged Access

Challenges of Managing Privileged Access

Discusses the goals and challenges of creating a privileged access management program for your Windows desktops and servers in an enterprise environment. Privileged access is a key issue these days, especially on desktops, for which an over-privileged user can be a weapon of destruction on your internal network if they inadvertently download and install malware.

White Paper

Achieve True Principle  of Least Privilege for Server Administration in Microsoft Environments

Achieve True Principle of Least Privilege for Server Administration in Microsoft Environments

As Windows grew to fill roles in larger networks, both the OS and the server products built upon it did not always evolve to include more granular permission structures for administrators. The result has been an industry that, in general, relies on fully-privileged administrator accounts to accomplish even minor administrative tasks. We know it is a poor practice, but what else can we do?

White Paper

AppLocker and PBWD

AppLocker and PBWD

AppLocker, which was introduced in Windows 7, provides powerful technology for controlling application execution for enterprises. By implementing AppLocker policy, organizations can better control what applications can install and run on desktops via White Lists and Black Lists, improving security and reducing the risk that malware poses.

White Paper

From Least Privilege  to Best Privilege on your Windows® Desktops

From Least Privilege to Best Privilege on your Windows® Desktops

These seemingly incongruous needs often come to a head on the Windows desktop, which is the main entry point for the user into an enterprise network. In this white paper, I’ll examine this age-old struggle and help you understand how you can find the right balance with something I call "Best Privilege."

White Paper

Goldie Locks and the  Three Least Privileged Desktops eBook

Goldie Locks and the Three Least Privileged Desktops eBook

Curious about how least privilege applies to you and your organization? Let Goldie Locks show you in this new eBook written by Microsoft MVP Derek Melber. In the story, Goldie Locks plays the role of a recent college graduate, with degrees in marketing and multimedia communications, who is just starting her position in marketing for a mid-sized IT company.

White Paper

Extending the Value  of Group Policy Securely & Effectively

Extending the Value of Group Policy Securely & Effectively

Microsoft Group Policy MVP, Darren Mar-Elia, expertly discusses the capabilities of Group Policy with respect to security configuration, including a number of new features introduced in Windows 7 & Server 2008-R2; how policy gets delivered and the tattooing nature of security settings; the free Microsoft Security Compliance Manager tool and how it can help you define security baselines based on best-practice templates that can be exported to live GPOs; the challenges of using Group Policy as a security compliance solution, including some best practices; and how 3rd parties are leveraging and extending Group Policy as a tool for delivering new Windows security features.

“I’d love to come, but I’m on-call”: Privilege management can relieve holiday help desk headaches

12/3/2014

Part of working in IT means you put in your time “on-call.” Companies either don’t realize there is a better way to allow users to maintain administrative access to endpoints, or they remove admin rights from users but don’t account for the resulting operational inefficiencies. more

Introducing BeyondInsight v5.3: Delivering New Levels of Threat Analytics

11/4/2014

Today, we’re excited to announce new releases of both our Retina vulnerability assessment technology and the BeyondInsight risk management platform. Here’s a brief overview of what’s new in BeyondInsight. With the release of BeyondInsight v5.3, BeyondTrust solutions that come equipped with the centralized BeyondInsight management, analytics and reporting console now benefit from several additional platform... more

Application Control without the Headaches: The PowerBroker for Windows Difference

10/7/2014

Application control solutions reduce IT risk by regulating which programs can be launched on desktops, servers and other assets. For instance, application control can help to prevent malware infections and minimize subsequent damage if a malware infection occurs. IT and security leaders have several technology alternatives to consider when seeking to implement application control in their... more

Troubleshooting Windows Privilege Management Rules with Policy Monitor

8/21/2014

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side... more

Integrating Least Privilege and Password Management to Solve Account Security Challenges

7/24/2014

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:... more

PowerBroker for Windows 6.6 Tamper Protection

7/18/2014

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy... more

Implementing Least Privilege Around the World with PowerBroker for Windows

7/17/2014

BeyondTrust recognizes that international, multilingual businesses have unique operating challenges, especially when it comes to implementing enterprise software. PowerBroker for Windows is a least-privilege solution often deployed across thousands of systems spanning multiple geographies and protecting users of diverse backgrounds. Earlier this year, PowerBroker for Windows introduces new data privacy features for EMEA and APAC,... more

Getting Least Privilege Right on Windows

6/30/2014

Windows doesn’t make least privilege easy Enforcing least-privilege access policies on Windows has never been easy – especially given some fundamental flaws have haunted the OS since the mid-1990s. Consider the following permissions issues: Windows 95 and 98 had a logon screen and could even be joined to the domain, but users could bypass the prompt... more

Accounting for Vulnerability “States” in Your Risk Assessments

6/9/2014

Vulnerability management (VM) processes have had to evolve exponentially in recent years. Most of this evolution has occurred in terms network coverage, as scanners have moved beyond conducting sequential assessments to advanced agent, connector and credentialing technologies. However, most VM applications are still unable to provide meaningful data for prioritizing vulnerabilities in terms of real... more

How to Stop Pass-the-Hash Attacks on Windows Desktops

6/2/2014

One of the most talked about presentations at Microsoft TechEd was Pass-The-Hash: How Attackers Spread and How to Stop Them by Mark Russinovich and Nathan Ide of Microsoft. This presentation demonstrated how simple it is to collect hashes from one machine and leverage them to compromise the entire infrastructure. The publication of attack techniques and lack... more

See all PowerBroker for Windows blog posts

VMware Plug-in for Retina

The industry's first and only vulnerability management solution directly integrated into vCenter.

DATASHEET VMWARE SURVEY Watch Video

Retina CS Enterprise Vulnerability Management

Delivers large-scale, cross-platform vulnerability assessment and remediation, with available configuration compliance, patch management and compliance reporting.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Cofiguration Compliance Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Patch Management Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Regulatory Reporting Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More Request a Free Trial

Retina Network Security Scanner

Integrated network, web & virtual vulnerability assessment. Retina is the security industry’s most respected and industry-validated security scanner and serves as the engine for our vulnerability management solutions. There is no better option for securing your network from vulnerabilities.

Learn More Request a Free Trial

Retina Web Security Scanner

Rapidly and accurately scan large, complex web sites and web applications to tackle web-based vulnerabilities including cross-site scripting (XSS) and SQL injection.

Learn More Request a Free Trial

PowerBroker Event Vault

Automate and streamline the collection and management of standard Windows event log data and provide scalable and flexible centralized storage in the PowerBroker event database.

Learn More Request a Free Trial

PowerBroker Identity Services

Quickly and easily integrate your Linux and UNIX servers into your Active Directory infrastructure.

Learn More Request a Free Trial

PowerBroker Identity Services Open Edition

Available as a free and open source version of PowerBroker Identity Services, giving you the access and flexibility to tailor your Active Directory bridging project

Download Now

PowerBroker UNIX & Linux

Quickly and easily manage root access on UNIX and Linux servers, without ever disclosing the system password.

Learn More Request a Free Trial

PowerBroker for Windows

Implement least privilege for your Windows desktop environment, reducing attack surface and driving down costs.

Learn More Request a Free Trial

PowerBroker Auditor
for Active Directory

Track unauthorized changes to Active Directory and Group Policy configurations.

Learn More Request a Free Trial

PowerBroker Auditor
for Exchange

Tracks and reports all changes made to all Exchange Server configurations, groups, mailbox policies, information store changes, and permissions in a centralized audit log.

Learn More Request a Free Trial

PowerBroker Auditor
for File System

Enables tighter security and control over file system resources, including real-time tracking, interactive analysis, and flexible reporting on all key share, file, and folder changes.

Learn More Request a Free Trial

PowerBroker Auditor
for SQL Server

Monitor and review privileged user changes on SQL servers. Easily map your SQL activities with regulatory mandates such as GLBA, SOX, HIPAA, and PCI through consistent auditing and reporting.

Learn More Request a Free Trial

PowerBroker Privilege Explorer

Provides a centralized view of access and privileges, so you can be sure that users have access to the resources they need to do their jobs, and only those resources.

Learn More Request a Free Trial

PowerBroker Endpoint Protection Platform

Formerly known as "Blink", multi-layered security and attack prevention for windows desktops and servers.

Learn More Request a Free Trial

PowerBroker Recovery
for Active Directory

Advanced continuous data protection for Active Directory, providing unparalleled visibility and change control.

Learn More Request a Free Trial

PowerBroker Servers Enterprise

Combine the power of our UNIX/Linux root delegation and our AD bridging for an enterprise approach to server compliance

Learn More Request a Free Trial

PowerBroker Password Safe

Automate Password Management for Increased Security across your entire dynamic infrastructure.

Learn More Request a Free Trial

BeyondSaaS

A cloud-based, external vulnerability assessment solution that conducts fast, affordable security assessments of your public-facing network infrastructure and web applications.

Learn More Request a Free Trial

BeyondInsight

Merge privileged account management and vulnerability management solutions into a single, contextual lens through which to view and address user and asset risk.

Learn More Request a Free Trial

Retina Protection Agent

Close the security gap created by systems that can't be reached with remote vulnerability assessments alone with this lightweight agent for local vulnerability assessment, continuous zero-day vulnerability monitoring, and intrusion prevention.

Learn More

Configuration Compliance Module

This Retina CS add-on module defines and manages security policies to monitor compliance with industry and internally developed benchmarks such as Microsoft, NIST, USBCG, and DISA STIGs.

Learn More

Patch Management Module

This Retina CS add-on module seamlessly integrated, automated, agentless Windows patch management closes the loop on unpatched vulnerabilities.

Learn More

Regulatory Reporting Module

This Retina CS add-on module contains automated solutions to help navigate complex corporate policies, government regulations, and industry standards such as SOX, PCI, FISMA, and ISO.

Learn More

BeyondInsight Built-In

PowerBroker for Windows is part of the BeyondInsight IT Risk Management Platform, which unifies PowerBroker privileged account management solutions with Retina CS Enterprise Vulnerability Management. Capabilities include:

  • Centralized solution management and control via common dashboards
  • Asset discovery, profiling and grouping
  • Reporting and analytics
  • Workflow and ticketing
  • Data sharing between Retina and PowerBroker solutions

The result is a fusion of user and asset intelligence that allows IT and security teams to collectively reduce risk across complex environments.

PowerBroker for Windows

Vulnerability Management

Identifying, prioritizing, remediating, and mitigating
computer and network vulnerabilities.

Privileged Account Management

Managing user authorization to prevent internal data
breaches and meet compliance regulations.

Fusing
PAM & VM For
Stronger IT Security