Privilege Management for Windows & Mac

Watch the full demo to see these features in action.

Eliminate Admin Rights without Disrupting the Business

BeyondTrust Privilege Management for Windows and Mac is designed to deliver a fast time-to-value and minimize business disruption. Unlike traditional privilege management products that can take months to properly configure, we get you up and running in mere hours. We’ve leveraged years of deployment scenarios to create out-of-the-box workstyles meant to cover the vast majority of enterprises and significantly reduce implementation efforts.

No other product can offer this level of convenience, flexibility, and speed during deployment.

Pre-built workstyle templates cover 80% of use cases

Quick Start Policies

Quick Start Templates are flexible, out-of-the-box workstyles that let you immediately eliminate admin rights for everyone on day 1 without disrupting the business.

Our built-in policies are based on experience thousands of deployments across even the most complex organizations. And they work immediately out-of-the-box. This rapid on-boarding process means you can remove overnight without productivity loss.

Templates work for all users, from the least privileged desktop user to advanced developers and sysadmins.

Our default settings cover 80% of use cases. Exception handling covers the rest. And recorded behavioral data let's you make policy improvements over time for each specific user group.

Stop Zero Day Threats with Trusted Application Protection

Trusted Application Protection

Many cyber attacks target trusted applications. Trusted applications remain a threat even if you've removed admin rights. Attackers can use script-based malware in Office documents and PowerShell to conduct file-less attacks and evade detection.

The pre-built templates within Trusted Applications Protection stop attacks involving trusted apps, catching bad scripts and infected email attachments immediately.

Use it to protect trusted applications such as Word, PowerPoint, Excel, Adobe Reader, common web browsers, and more by controlling their child processes and DLLs.

Use challenge-response codes before sysadmins run Registry Editor

Application Control

An automated whitelist and elegant exception handling give you total control over what users can install or run. Deliver trust-based application whitelisting with a flexible policy engine. You can utilize challenge-response codes for low-flexibility application control, or allow automatic approval, protected by full audit trails, for advanced users.

Our automated whitelist is made up of applications that are allowed through Group Policy, installed by a genuine administrator, or deployed to the machine via the organizations deployment tool, like SCCM or Altiris.

  • Block or allow applications for each group of users
  • Improve compliance by tracking processes, installations, and attempted installations
  • Add applications to policies with simple copy & paste
  • Whitelist applications based on publisher, hash, or other flexible methods

Power Rules

Power Rules let you use PowerShell scripts to automate workflows, create custom behaviors, or build integrations with ITSM and other tools.

Power Rules can help speed decisions on whether to allow an application to run or run elevated by automating the integration of third party intelligence sources.

Enterprise Auditing & Reporting

Provide a single audit trail of all user activity to streamline forensics and simplify compliance. Graphical dashboards and reports with drill-down options provide fast access to as much detail as you need.

In addition to providing an audit trail, reports also make it easy to refine and improve you security policies.

  • Every user, process, and privilege
  • All net-new applications
  • Privileged account protection logs
  • Trusted Application Protection events
  • Custom reports, and more!