NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Videos
    • Glossary
    • Infographics
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Privilege Identity Management - A Help Desk Perspective

October 12, 2012

  • Blog
  • Archive
  1. Home
  2. Blog
  3. Privilege Identity Management - A Help Desk Perspective
Help desk technicians within a company are the first line of defensive for a new project or system problem. Most of the time, they are informed and trained that users will be getting a new piece of security software. The solution, in this case, is called Privileged Identity Management (PIM) and is designed to manage authenticated permissions on their workstations. The technology provides administrative rights to applications and operating systems features that require administrative privileges and allows their normal daily job functions to occur as a standard user. The most frequent questions we hear at BeyondTrust from help desk technician’s are “why are you removing administrator permissions from the end users?” and “How will I support these users when things do not operate like before?”. The answers to these are very simple. As an end user administrative permissions are designed to have complete and unrestricted control of the operating system and applications. In reality, only a subset is ever needed and the excessive permissions can lead to a gaping security hole for malware, configuration issues, and advanced persistent threats. Unfortunately as a help desk technician, you experience these problems all too often. As the solution is deployed, your clients will begin to login as a standard user, and the PIM solution will give them administrative authority to applications and operating system features they need for daily operations. Your role as a help desk technician will be to assist where the escalation rules are missing (or not working) to cover functions that users need for daily business operations. It is important to understand that there are several reasons your organization is adopting the solution. First, like many businesses, commercial and government identities have regulatory controls that stipulate security controls on sensitive data, personal information, and applications. Your business is no different. Auditors periodically may visit your business and review security procedures, policies, and verify the employees and contractors do not have excessive access to systems and data. Tools like PowerBroker satisfy their requirements by placing a control on permissions while allowing elevation of privileges to personnel when appropriate. One other consideration is directly related to security and malware. Malware is a superset term that encompasses all forms of malicious programs from viruses, spyware, and ransom-ware all the way through Advanced Persistent Threats (APT). Statistics show that a very large portion of malware infects computers simply based on the user having administrative access to the host. If this access is removed, the malware and its infection are thwarted. As help desk technicians, this burden should be significantly reduced from your daily support calls due to the removal of administrative privileges from your clients. As you have seen, antivirus solutions alone are not up to the latest challenges. To mitigate these threats, the most common denominator for malware is being restricted; its ability to access administrator privileges on the workstations you support. As with any technology rollout, there are bound to be a few bumps along the way. Remember when you had your first look at the latest version of Windows? Finding where to locate common function was frustrating to many, but it only took a little while to realize it was the same thing but in a different location. PIM is the same way. Your client’s programs and applications will operate the same way, but in some circumstances may request that the end user complete a quick text box explaining why they are using a program or operating system feature. This may sound like an unnecessary step but if they are installing software or administering a phone system or database, management and auditors tend to want to know when and why. These are all part of security best practices and regulatory compliance. One of the common questions you will receive is that some programs (and operating system features) that worked before no longer function. This is the bump in the road that as a help desk technician you will need to resolve. These may be applications, for which rules have yet to be created for applications that require administrative permissions to run or applications that have been explicitly denied from operating due to their inherent risk or potential threat they represent to the organization. A simple discussion with the end user, justification for the application or feature, and following established procedures for information technology administrators to create a rule will rectify this type of problem. If the application is rarely ever used, or one time only, then the Challenge Response Passcode feature of PowerBroker for Windowscan provide temporary relief until decisions about a permanent rule are made. All in all, this project is designed to increase the security of desktops and servers, prohibit common malware from infecting assets, aid in regulatory compliance, and track when sensitive applications are being executed throughout your organization. The process involves changing the way end users login into their computer but is designed to not affect daily job functions. If anything, you will notice end users will have systems that run better because common flaws that can occur as an administrator will simply be avoided. Securing privileges are crucial to the security and operational well-being of your organization. It is being implemented to provide a safer, more standardized computing environment that can be managed better by the help desk, administrators, and information technology teams. The Help Desk is crucial in making this type of project a success and the benefits it offers. For more information, please visit BeyondTrust.
Photograph of Morey J. Haber

Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

IDSA Report: 2022 Trends in Securing Digital Identities

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Mapping BeyondTrust Capabilities to NIST Zero Trust (SP 800-207)

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Infographics
  • Podcast
  • Videos
  • Webinars
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.