BeyondTrust Privilege Manager
Eliminate Admin Rights, Enforce Least Privilege and Securing the Desktop

BeyondTrust Privilege Manager Overview
End-users with administrator rights have long been the Achilles' heel of desktop security. These rights can be exploited by malware and users to change standard desktop configuration settings, install unlicensed software and disable other security solutions. However, there is a need to allow end-users to run applications that require administrator rights, and install approved software and ActiveX controls.

Eliminate Admin Rights with BeyondTrust Privilege Manager
Until BeyondTrust Privilege Manager was introduced in 2005, the only way to answer these end-user needs had been to make each user a member of the administrators group and provide them with administrator rights, creating significant security issues. Privilege Manager solves this dilemma by allowing network administrators to attach permission levels to Windows applications and processes.

Privilege Manager is implemented as a true Group Policy extension. Simply specify the application and which permissions and privileges should be added to the process token when the application is launched. By setting Privilege Manager policy, end-users without administrative privileges will be able to run all applications.

BeyondTrust Privilege Manager Will Enable Organisations to:

• Preserve a standard desktop configuration by allowing users to manage only approved computer settings, such as connecting to local printers
• Achieve compliance with regulatory mandates by configuring all users as standard users, while still allowing users to run approved applications that require admin rights
• Prevent unlicensed software installation by allowing users to install only authorised software
• Reduce data theft by preventing access to private data saved locally by other computer users
• Increase desktop security by reducing the malware attack surface and blocking unauthorised installations
• Implement least privilege by providing only the minimum amount of privileges and permissions necessary for applications to run
• Ease the deployment of Windows Vista by reducing the number of User Account Control pop-ups
• Centralise control by placing security decisions in the hands of network admins instead of end-users

BeyondTrust Privilege Manager Features
BeyondTrust Privilege Manager Allows Standard Users to:

Run any authorised application that requires administrator privileges

• Off-the-shelf
• 3rd Party developed
• In-house developed

Manually change authorised system level configurations

• Local printers
• System time

Install approved ActiveX Controls

• Installing ActiveX controls and other Internet Explorer components
• Named ActiveX controls
• ActiveX controls from specific URLs
• ActiveX controls from wildcard URLs

Install approved applications

• Self-service software installation points (unmanaged software installs)

Additional Features & Functionality

• Operates transparently to the end-user without pop-ups or consent dialogues
• Configure rules by targeting applications, computers and users using standard Group Policy conventions and Privilege Manager filters
• Supports Windows 2000, XP, Server 2003, Vista and Windows 64-bit platforms