Know where application rights can go wrong
- TAGS:BeyondTrust, software administrative rights, Windows vulnerabilities
- IT TOPICS:Applications, Desktop Apps, Government & Regulation, Security, Windows
If you want a least-privilege Windows world for compliance or security reasons, you'll need to know which programs require PCs to have administrative rights to work. That's the theory behind the free tool being offered this week from BeyondTrust Corp. of Portsmouth, N.H. According to CEO John Moyer, without something like Applications Rights Auditor (ARA), the only way you'd know which Windows machines' programs needed admin rights "would be through trial and error."
The way ARA works is an authorized sys admin downloads the free product and deploys it on PCs via tools like Microsoft Systems Management Server. You let ARA run for a while and it gathers data on all executable files and highlights those that require administrative privilege. ARA sends encrypted details back to BeyondTrust's data center where the admin logs in to see exactly what systems have what apps that need elevated rights. You can export the data via XML or Excel into other asset management tools or a configuration management database. No muss. No fuss.
Moyer says you don't need to do anything else. But if you want (and he hopes you will), you can buy the company's Privilege Manager that manages administrative rights for all of your Windows software. ARA is a good first step to discover unnecessary Windows admin rights that can lead to wrong things like malware appearing on your network.
Free Insider Guide