Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Rollout: BeyondTrust Privilege Manager 3.0

The Upshot

BeyondTrust Privilege Manager 3.0 aims to make it easier for administrators to enforce least privilege on user PCs. Least privilege can prevent malware or unwanted software from being installed on corporate machines. Privilege Manager uses Group Policy to deploy rules to Windows 2000, 2003, XP and Vista clients.
Other least-privilege enforcement options are scant. Vista builds limited user-privilege controls into the OS. For older Windows OSs, Windows utilities such as Run As leave privilege management in users' hands. Freeware, such as DropMyRights, Process Explorer and Sudowin, lack administrative management.
Privilege Manager provides a solid solution for enforcing least privilege across the enterprise--provided you're using Active Directory. However, administrators may find themselves tweaking rules each time they update software and fielding more helpdesk calls from thwarted users.

BeyondTrust Privilege Manager 3.0

Perhaps the simplest way to prevent malware from infecting user PCs is to operate those machines under the principle of least privilege. Least privilege restricts programs to only those system resources they need and only when they need them. It also means new programs can't self-install (or be installed by users), effectively locking out most malware.

However, using Windows machines with least privilege can be painful. Users tend to run as administrator because many applications require administrator rights to function, and because users have a legitimate need to perform tasks that require elevated privileges.

Enter BeyondTrust's Privilege Manager 3.0. This software provides rules-based privilege elevation. These rules are deployed over Microsoft's Group Policy and let administrator-defined programs and settings run with elevated privileges as needed on Windows Vista, XP, 2003 and 2000.

Privilege Manager isn't the only option for least privilege, but other methods lack management capabilities and require a high degree of user cooperation.

  • 1