Whitepapers
-
Resources
Privileged Access Threat Report 2019
Find out about the latest major security threats facing companies and how to truly defend your business from inside and out.
Download the ReportOn the Blog
News
Find out about the latest major security threats facing companies and how to truly defend your business from inside and out.
Download the ReportFollowing on from my previous blog on advanced hyperlink use cases, here is another great use case which I’d like to share.
It is quite common for organizations to implement a general On Demand policy to facilitate access to privileges. This can either be rolled out as a trust based model (backed by auditing), or through helpdesk authorization (with Challenge / Response codes). You may also define a policy that explicitly blocks On Demand admin privileges for specific applications, in which case you would present them with a blocking message.
Normally the message would be dismissed, and the end user would have to run the application again. But you can make this a lot more user friendly by offering a link on the message to run the application instead, with standard rights. This would use the file: hyperlink in combination with some parametrized information on the application. The example configuration below demonstrates this:
Allowing the user, with a single click, to dismiss the message and automatically run the application again with standard user privileges.
I think this proves there is a lot of flexibility in the Privilege Guard message, and I hope you can make use of this, or any of my previous examples.
Edit: Privilege Guard has now evolved into the brand new security suite, Defendpoint, which encompasses Privilege Management, Application Control and Sandboxing. For more information, please visit www.avecto.com/defendpoint.
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.