PORTSMOUTH, N.H. -- BeyondTrust Corporation, the first provider of Least Privilege Management solutions, today announced BeyondTrust Privilege Manager 3.5, the first product to eliminate many if not all of the User Account Control (UAC) prompts an enterprise user might see when running Windows Vista. Privilege Manager 3.5 provides users with elevated privileges when required, enabling a Least Privilege security environment without unnecessary UAC dialogue boxes. Privilege Manager 3.5 can be installed with UAC on or off. It supports Windows Vista, including its recommended corporate configuration, as well as Windows 2000, XP and Server 2003, providing great flexibility for enterprises to transparently manage user privileges and maintain their standardized desktop configurations, such as those recently mandated by the U.S. Office of Management and Budget (OMB).
Microsoft recommends that enterprises increase security by running users without administrative privileges or access to administrator accounts. However, in many cases, enterprise users need to run applications that require administrator privileges. Privilege Manager securely solves this problem by enabling administrators to configure an environment in which end-users can run all required applications and perform all authorized tasks without administrative privileges or administrator passwords; thus helping to protect against malicious use, malware and zero-day threats.
Windows Vistas User Account Control provides additional protection for users with features such as Internet Explorer protected mode but does not solve the problem of allowing non-administrators to perform tasks that require administrator rights without those users having access to administrator credentials. Windows Vista UAC can be configured in two ways for standard users who do not have administrative privileges: to prompt users to provide their administrator passwords in order to run applications that require elevated privileges; or to not prompt users and deny the use of applications or features that require elevated privileges. Distributing administrator passwords to standard users is not a secure solution. It places the security decision of which applications to elevate in the hands of the user instead of a network administrator. Additionally, these credentials can enable users to circumvent security policies, make ill-advised system changes and run or install applications as an administrator.
Microsoft recognizes that to help create a secure, auditable and compliant enterprise environment all users should be Standard Users and ideally not have administrative privileges or access to administrator passwords. BeyondTrust Privilege Manager helps corporations that need to allow standard users to run applications that require administrative privileges on Windows Vista with UAC enabled without any prompts or input required from the user. I am pleased to see third-party security vendors such as BeyondTrust improve what is already our most secure business client OS, Windows Vista, said Microsofts Austin Wilson, director, Windows Client Security Product Management at Microsoft Corporation. The combination of elevating approved applications transparently with Privilege Manager and running UAC in no prompt mode with Internet Explorer in protected mode provides a best of breed solution to the least privilege problem.