Flexibility is power. It’s now simple to give all your users the privileges they need to remain productive, empowering them wherever they are without impacting the security posture of your systems and networks. With Privilege Guard all users operate under a least privilege account and privileges are assigned directly to the applications that require them.
Regardless of your operating environment, physical, virtual or cloud the challenge to retain control and manage application privileges remains the same. Privilege Guard enables you to centrally manage application privileges across all delivery mechanisms.
Avecto Introduction
Download datasheet
Flexible Desktop Lockdown
Preventing users from making unwanted desktop changes without restricting them from performing their job function continues to pose serious challenges for almost all organizations. Striking a balance between providing users with a degree of control over their desktop configuration and protecting the standard desktop build is difficult, as this control often results in granting admin rights to a user.
Once granted, admin rights give a user control over every aspect of their desktop configuration, a scenario that does not sit well within a corporate environment. Users with admin rights also carry a greater threat from malware, as payloads are almost always more destructive under a privileged account. The increase in the deployment of laptops adds to this problem, as laptop users often require an even greater degree of freedom than users with desktops.
|
|
Privilege Management
Rather than giving admin rights to users, Privilege Guard can assign elevated rights to individual applications and tasks. With Privilege Guard you can assign admin rights or custom privileges to the applications that require them.
|
|
|
Application Control
Not all applications require admin rights to install and some applications don’t need to be installed. Block the execution of unauthorized applications, including software installers and scripts. Advanced users may be warned of their actions and audited.
|
|
|
On Demand Elevation
For the more demanding user, Privilege Guard integrates with the Windows shell menu to provide an "on demand" elevation facility. All elevated applications are audited, ensuring the user does not abuse this privilege and they can optionally be warned of their actions.
|
|
|
End User Messaging
Present your users with customizable messages before an application is launched or blocked. The messaging includes full multi-lingual support, and users may optionally be prompted to re-authenticate or to provide a reason. For a corporate look and feel you can also add your company logo.
|
|
|
Privilege Monitoring
Privilege Guard can monitor application behaviour and log events for any application that would fail to run under a standard user account. More detailed activity logs can also be captured, which enable closer inspection of any privileged operations.
|
|
|
Centralized Management
Privilege Guard is tightly integrated with Windows Group Policy and no additional backend infrastructure is required to implement the solution. It can be configured in minutes and deployed through Active Directory Group Policy to an entire desktop estate.
|
|
|
Simple Policy Configuration
Enabling an application to run with elevated rights couldn’t be easier. Define the application in the Privilege Guard Policies, set its identification options and simply assign the application to the users who require elevated rights over it.
|
|
|
Auditing and Reporting
Application activity is audited and may be centralized through Microsoft Windows Event Forwarding. The Privilege Guard reporting console provides centralized reporting on applications and their assigned privileges.
|
