Following on from my previous blog on advanced hyperlink use cases, here is another great use case which I’d like to share.
Alternate execution for On Demand
It is quite common for organizations to implement a general On Demand policy to facilitate access to privileges. This can either be rolled out as a trust based model (backed by auditing), or through helpdesk authorization (with Challenge / Response codes). You may also define a policy that explicitly blocks On Demand admin privileges for specific applications, in which case you would present them with a blocking message.
Normally the message would be dismissed, and the end user would have to run the application again. But you can make this a lot more user friendly by offering a link on the message to run the application instead, with standard rights. This would use the file: hyperlink in combination with some parametrized information on the application. The example configuration below demonstrates this:
Allowing the user, with a single click, to dismiss the message and automatically run the application again with standard user privileges.
I think this proves there is a lot of flexibility in the Privilege Guard message, and I hope you can make use of this, or any of my previous examples.
Edit: Privilege Guard has now evolved into the brand new security suite, Defendpoint, which encompasses Privilege Management, Application Control and Sandboxing. For more information, please visit www.avecto.com/defendpoint.
Kris Zentek, Senior Product Manager
Kris Zentek is a Senior Product Manager at BeyondTrust, focusing on Endpoint Privilege Management solutions. Based in the UK, he has over 20 years of experience working in the cybersecurity industry.