Privilege Guard 2.8 (Edit: now Defendpoint) introduces the ability to digitally sign policies using a certificate from a PFX file. This ensures that the policies deployed to a client have been published by a trusted source and are genuine. A unique Object Identifier (OID) is used to verify that policies have been signed with an authorized certificate.

Delegated Policy Management

Signing policies is achieved through the Privilege Guard Management Console from the right click menu on the ‘Privilege Guard Policies’. Any policies that have previously been signed cannot be edited unless you know the PFX password. This prevents any other domain or local administrators from adding or implementing unwanted policy settings, either within Active Directory or on the local endpoints.

Cached Policy Assurance

The signatures embedded into deployed policies verify that policies stored in the local cache have not been tampered with, adding an extra layer of security on endpoints.

Three Modes of Operation

The Privilege Guard Agent can be installed in one of three operational modes, depending on the level of signed policy enforcement required:

  1. Certificate Enforcement Mode - The agent will load correctly signed policies. Unsigned or incorrectly signed policies will not be loaded, and an error will be audited.
  2. Certificate Warning Mode - The agent will load correctly signed policies. Unsigned and incorrectly signed policies will also be loaded, but a warning will be audited.
  3. Standard Mode - The agent will load both correctly signed and unsigned policies. Incorrectly signed policies will also be loaded, but a warning will be audited.
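As an added illustration of the verification and mode logic described above (example code written for this page, not Avecto's or the product's own), the Go program below builds a constructed self-signed certificate carrying a placeholder authorizing OID, signs a policy body with it, and then applies the three-mode table to a correctly signed policy, a policy whose cached body was altered after signing, and an unsigned policy. The OID value, the certificate, the policy body and every function name are assumptions; the product's real OID, signature format and PFX handling are not given on the page.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Placeholder OID standing in for the product's authorizing OID (not on the page).
var policySigningOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

type Mode int

const (
	CertificateEnforcement Mode = iota
	CertificateWarning
	Standard
)

type Status int

const (
	SignedValid Status = iota
	SignedInvalid
	Unsigned
)

// Decision is whether the agent loads the policy and how the event is audited.
type Decision struct {
	Load     bool
	Severity string // "info", "warning" or "error"
}

// SignedPolicy is a policy body plus a detached signature; nil Signature means unsigned.
type SignedPolicy struct {
	Body      []byte
	Signature []byte
	Signer    *x509.Certificate
}

// decide encodes the three-mode table: valid signatures always load; an unsigned
// policy is rejected only in enforcement mode; a bad signature is rejected in
// enforcement mode and loaded with a warning in the other two modes.
func decide(mode Mode, status Status) Decision {
	switch status {
	case SignedValid:
		return Decision{Load: true, Severity: "info"}
	case Unsigned:
		switch mode {
		case CertificateEnforcement:
			return Decision{Load: false, Severity: "error"}
		case CertificateWarning:
			return Decision{Load: true, Severity: "warning"}
		default:
			return Decision{Load: true, Severity: "info"}
		}
	default: // SignedInvalid
		if mode == CertificateEnforcement {
			return Decision{Load: false, Severity: "error"}
		}
		return Decision{Load: true, Severity: "warning"}
	}
}

// hasOID reports whether the signing certificate carries the authorizing extension.
func hasOID(c *x509.Certificate, oid asn1.ObjectIdentifier) bool {
	for _, e := range c.Extensions {
		if e.Id.Equal(oid) {
			return true
		}
	}
	return false
}

// classify checks the signer's OID and the RSA/SHA-256 signature over the body,
// so a policy edited in the local cache after signing comes back SignedInvalid.
func classify(p SignedPolicy) Status {
	if p.Signature == nil || p.Signer == nil {
		return Unsigned
	}
	pub, ok := p.Signer.PublicKey.(*rsa.PublicKey)
	if !ok || !hasOID(p.Signer, policySigningOID) {
		return SignedInvalid
	}
	digest := sha256.Sum256(p.Body)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], p.Signature); err != nil {
		return SignedInvalid
	}
	return SignedValid
}

// newSigner builds a constructed self-signed certificate, optionally carrying the
// authorizing OID, in place of a certificate loaded from a PFX file.
func newSigner(withOID bool) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Policy Signing (constructed)"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if withOID { // DER NULL as the value: only the OID's presence is checked
		tmpl.ExtraExtensions = []pkix.Extension{{Id: policySigningOID, Value: []byte{0x05, 0x00}}}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// signPolicy produces the detached RSA/SHA-256 signature the console would embed.
func signPolicy(key *rsa.PrivateKey, cert *x509.Certificate, body []byte) (SignedPolicy, error) {
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return SignedPolicy{Body: body, Signature: sig, Signer: cert}, err
}

func main() {
	key, cert, err := newSigner(true)
	if err != nil {
		panic(err)
	}
	good, _ := signPolicy(key, cert, []byte("<policy>constructed sample</policy>"))
	tampered := good
	tampered.Body = []byte("<policy>edited in the local cache</policy>") // constructed tamper case
	unsigned := SignedPolicy{Body: good.Body}
	for _, mode := range []Mode{CertificateEnforcement, CertificateWarning, Standard} {
		for _, p := range []SignedPolicy{good, tampered, unsigned} {
			fmt.Printf("mode=%d status=%d -> %+v\n", mode, classify(p), decide(mode, classify(p)))
		}
	}
}
```

The useful check is the tampered case: the signature was made over the original body, so any post-signing edit to the cached policy changes the digest and the policy classifies as incorrectly signed, which is the cached-policy assurance the text describes. A certificate that verifies cryptographically but lacks the authorizing OID is treated the same way, since possession of any signing certificate is not meant to be enough.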

Policy Auditing

New events have been added that audit all policy activity on the client, including each policy's source, version and security status. Depending on the agent installation mode and the state of the policy, the event number and severity will be audited as follows:

Signed policies significantly enhance the security of Privilege Guard by restricting which administrators are allowed to modify centrally or locally managed policies, and ensure that cached policies have not been tampered with or overwritten.