Eliminate admin rights enterprise-wide on Windows 7

BeyondTrust announced BeyondTrust Privilege Manager support for Microsoft’s new Windows 7 operating system.

Eliminating administrator rights is one of the most effective ways for enterprises to meet compliance mandates and reduce vulnerability to attacks by spyware, malware and malicious users. Privilege Manager will enable organizations to remove administrator rights in Windows 7 – as well as Windows 2000, XP, Vista, Server 2003, Server 2008 and 64-bit platforms – and allow end-users to run all approved applications, processes and ActiveX controls.

Privilege Manager is implemented as a Group Policy extension. Organizations running Windows 7 can simply specify the privileges necessary for an application. These privileges will be added to the application process when it is launched, enabling end-users without administrative privileges to run all authorized applications.

Available for general release on October 22, Windows 7 brings little relief for enterprises seeking to deploy end-users as standard users, i.e., users without administrator rights. In response to feedback that users were forced to respond to too many prompts in Windows Vista, the new operating system introduces a new approach to User Account Control (UAC), providing a four-position “slider” feature to control how often UAC pop-ups occur.

While these changes to Windows 7’s UAC benefit the home user market, enterprises must recognize that the new slider feature can only be applied to users logged in as administrators and may increase security risks. Further, Windows 7 introduces no new features to solve the application compatibility issues experienced by standard users in previous versions of the operating system.