On-Demand Privileges Manager for Windows™ Features | Products

Features & Benefits:

  • Centralized Management through Windows Group Policy: Tightly integrated with Windows Group Policy for setup and configuration, leveraging Active Directory infrastructure for instant deployment across the enterprise with no additional backend infrastructure required.
  • Simple Policy Configuration: Identify the applications which can run with elevated rights and define identification options. (e.g. filename, file hash, trusted publisher, command line etc.) Then classify the application to the users who require elevated privileges.
  • Flexible Policy Definitions: Users can be limited to the applications, commands or tasks they can run on their local desktop in a transparent manner where they will not even be required to enter a username or password. Additional options may also be set such as end user messaging, prompts for reason submission or additional authentication requirements, auditing and privileged session monitoring.  
  • Transparent User Experience: Seamless integration with Windows’ User Account Control (UAC) eliminates or replaces inappropriate UAC prompts for applications requiring elevation, giving a superior end user experience.
  • Ongoing Desktop and Server Protection: Once OPM is deployed, policies are cached on the client machine ensuring policies continue to be enforced when there is no network connection. Support for background refresh ensures that policies are updated even if the user remains logged on.
  • Application Control: Pre-define white listed applications, even those that do not require administrative rights, allowing only trusted applications to run and be installed. Any unauthorized applications may be blocked and audited. End users are notified via fully customizable messages including the option to email a request for a blocked application.
  • On-demand Elevation: For more skilled users who require more flexibility like IT professionals and developers, OPM integrates with the Windows shell whereby the user logs on with a standard user account and can elevate applications from a shell context menu. To avoid end user confusion, the standard Windows “Run as” menu option can also be hidden.
  • Detailed Audit Trail: All user activities running privileged operations are written to the event log.
  • Enterprise Readiness: Scales across the enterprise when needing to manage hundreds of thousands of desktops and even integrates with legacy applications to enforce ‘least privilege’ in these environments.