Vista Deployments

In Windows Vista Microsoft introduces a new technology, User Account Control (UAC). The goal of UAC is to allow all users, including local administrators, to run with non-administrative privileges when they are not required. This is an important move for Microsoft and validates the seriousness of the security threat posed by running with elevated privileges.

Windows Vista UAC can be configured in two ways for standard users who do not have administrator rights:

• to prompt users to provide their administrator passwords in order to run applications that require elevated privileges;
• or to not prompt users and deny the use of applications or features that require elevated privileges.

Microsoft recommends that enterprises increase security by running users without administrator rights and setting UAC to no prompt mode. Distributing administrator passwords to standard users is not a secure solution. It places the security decision of which applications to elevate in the hands of the user instead of a network administrator. Additionally, these credentials can enable users to circumvent security policies, make ill-advised system changes and run or install applications as an administrator.

BeyondTrust Privilege Manager allows administrators to configure an environment in which Vista end-users can run all required applications and perform all authorized tasks without administrative privileges or administrator passwords.

Together, Privilege Manager and Vista UAC, set to no prompt mode, will:

• Enable end users without administrative privileges to run all applications
• Allow restricted users to self install approved applications and ActiveX controls
• Operate transparently to the end-user – no pop-ups or consent dialogues
• Centralize control – network admins make security decisions, end-users do not
• Provide additional security from IE Protected mode

More Information
For more information about BeyondTrust Privilege Manager sign up for a webinar.