Software manages operating permissions on per-task basis.
Share:
Press Release Summary:
PolicyMaker(TM) Application Security v3.0 makes it possible to reduce or elevate permissions on per-application or per-task basis in Windows Vista and 64-bit Windows platforms. This allows implementation of security best practice of Least Privilege, allowing administrators to implement this principle and lockdown desktops by adjusting application privilege levels to lowest possible point while still allowing end-users to perform authorized tasks.
Original Press Release:
DesktopStandard Announces Release of PolicyMaker(TM) Application Security 3.0
Vendor will use TechEd 2006 to Introduce Support for x64 Bit Platforms and Windows Vista
BOSTON, June 12 -- Microsoft TechEd 2006 -- DesktopStandard Corporation, the leading developer of Group Policy-based enterprise desktop management and security products, announced the release of PolicyMaker(TM) Application Security (PMAS) 3.0 at the Microsoft TechEd Conference 2006 in Boston, MA. The release introduces product support for Windows Vista and 64 bit Windows operating systems. PMAS 3.0 is the only product to make it possible to reduce or elevate permissions on a per-application or per-task basis in Windows Vista and the 64-bit Windows platforms, including Windows Server 2003 x64, XP x64, XP Professional x64 and Vista x64. This support further lowers the barriers to implementation of the security best practice of Least Privilege.
The security principle of Least Privilege requires that each system end- user be granted the least amount of privileges necessary to use authorized applications and perform authorized tasks. With PMAS 3.0 administrators can implement this principle and lockdown desktops by allowing administrators to adjust application privilege levels to the lowest possible point while still allowing end-users to perform authorized tasks.
A common problem network administrators face is that restricted end-users should not be entitled to local administrator or even power user status, yet there is a need to allow them to run a particular set of applications that require elevated permissions and to manage certain system settings. There is also no secure way on any Windows platform to allow non-administrators to install approved applications or browser components, such as ActiveX controls.
"The only resolution to these problems has been to make each user a member of the Administrators group and provide them with an administrative login. However, this violates the principle of Least Privilege and presents significant security problems; end-users have the ability to circumvent all local computer security," said John Moyer, DesktopStandard's President and CEO. "PMAS 3.0 solves these issues and significantly reduces the damage that can result from malware, user error, or unauthorized malicious use, and increases compliance with regulatory mandates such as the Sarbanes-Oxley, HIPAA and Gramm-Leach-Bliley acts."
The latest version of PMAS 3.0 allows administrators to:
o Elevate the permission level for restricted users who are performing selected authorized tasks or running applications that require higher privileges than those to which the user is normally entitled. This eliminates the need to raise each user's privilege levels for all applications or to require that the restricted user be provided with a local administrator login to perform the tasks, both of which would expose the network to unnecessary risk.
o Provide self-service software installation points for restricted users, greatly reducing administrator workload in supporting unmanaged software installation without compromising security. Many organizations have libraries of software packages that end-users may elect to install by simply browsing to them on a network location. This capability makes it a simple task to support secure elevated permissions installation of such executable and Windows Installer packages.
o Reduce the permission level for administrators working on applications such as Internet Explorer and Microsoft Outlook. This avoids the use of full administrative permissions for applications that do not have such a need, and without the requirement to log out and then in as a different user, use the Windows RunAs utility to work under a second user account, or invoke other complicated procedures such as frequent dialog prompts that are difficult to enforce and reduce productivity.
o Enforce common best practice security standards across multiple Windows platforms. Organizations frequently support multiple Windows platforms and are hampered by the inability to enforce or maintain common security policy. Using PMAS 3.0 administrators apply and enforce the same security policies via Microsoft's Group Policy change and configuration management system across Windows 2000, Windows XP, Windows 2003 Server, Windows Vista and all x64 bit Windows operating systems.
Gilroy Freeth, Sr. Technical Architect for Bechtel Nevada, a subsidiary of Bechtel Corporation, explains, "PolicyMaker Application Security plays a critical role in our strategy to enforce the security principle of Least Privilege at the Department of Energy (DOE) National Nuclear Security Administration Nevada Site Office. At this location the DOE has over 3,500 end-users who all use numerous applications that require elevated permissions. In addition to our need to manage application privileges, we must be able to selectively allow our end-users to self-install certain software, such as printer drivers. Without this product we would not be able to solve these issues and we would have to run all of our end-users as administrators. We look forward to version 3.0, extending this solution to Windows Vista and 64 bit platforms. The alternative of giving end-users local administrator passwords to run certain applications is not an acceptable security solution for Bechtel and the DOE as it does not effectively allow us to reduce end-user permissions."
Pricing, Specifications and Availability
PolicyMaker Application Security 3.0 is available from DesktopStandard and authorized resellers. Pricing starts at $27 per seat for enterprises with less than 1,000 computers, including one year of upgrade assurance and technical support.
About DesktopStandard Corporation
DesktopStandard Corporation is the leading developer of Group Policy-based enterprise desktop management products. The company has more than 3,500 customers, more than 4 million desktops under management and a worldwide network of integrators and resellers. DesktopStandard is a Microsoft Gold Certified ISV. For more information, visit http://www.desktopstandard.com/.
DesktopStandard, PolicyMaker and GPOVault are the trademarks or registered trademarks of DesktopStandard Corporation. Other product and company names herein may be trademarks of their registered owners.
