Removing Local Administrator Rights unilaterally can kill user productivity!

Blind elevation of user rights is hazardous to your career health!

User Rights Management (URM) is like a tightrope walk; You must implement a balanced set of dynamic policies that restrict privileges enough to be safe, but, not so much as to kill productivity. Most administrators have to walk this tightrope blind and hoping not to fall. However, following on from yesterday’s announcement of a new AppSense release (blog here, what’s new page here), the Rights Discovery Mode (RDM) in Application Manager 8.5 (AM) makes the journey safe, quick and easy – keeping you, and your users alive. Let’s look at how.

A short while back I introduced AppSense StrataApps. Today, I’d like you to meet our latest release of Application Manager – version 8.5. But first let’s first review how AM precisely controls Windows desktops and applications to meet governance requirements without compromising the user’s experience and productivity.

Application Manager provides contextual control of applications using five key components:

• Application Control
• Application and User Rights elevation/reduction (URM)
• Application Network Access Control (ANAC)
• URL Redirection
• License Control

Context of when the controls are enfornced can be based on rules and conditions such as:

• User / Device / AD group
• Time / Location (internal vs. external)
• Application / File metadata (sha1, vendor, etc.)
• Scripted rules
• + Many, many more…

The new Rights Discovery Mode in AM 8.5 enables administrators to monitor, analyze and report on tens of thousands of concurrent endpoints to identify what applications and tasks require administrative privileges. RDM generates reports which can be grouped by user, computer or application to make it easy to identify trends. Applications and tasks identified by RDM can be quickly added to URM configurations with just a few clicks. Wow! That was Easy!

Default Rights Policies in AM 8.5 enables customers to simply identify the target application that requires an elevation policy and automatically assign the application to an elevation rule to further simplify the configuration and quicken the implementation of User Rights Management. Wow! That was Easy!

Below is a screenshot of a RDM report, grouped by application (this report & screenshot was taken from a standalone machine, multiple machines showing duplicate applications would show how many instances of the application in this grouping), with the Administrator very quickly and easily adding an application that has been identified as requiring Admin Rights to an Default Rights Elevation Policy for all users.  We even provide the option to do it by File Name, or for extra security, by applying a sha1 Signature for only that specific application.  Wow! That was Easy!

 

Note: If you switch to the ‘List View’ (top right of the above screenshot) you can even see how many times each application was run, and from there you can also see on which machines it was run on.  This Application Details view provides you with the opportunity to see the user, machine, commandline and start time for each instance of that application.

Listening closely to our customers and developing solutions based on their feedback has helped ensure this latest release further empowers administrators with automated configuration options to support complex environments.

Keen to hear your thoughts and feedback.

Billy Matkovich | Product Manager
@BillMatkovich