DesktopStandard Upgrades PolicyMaker Application Security, a Group Policy Extension for Implementing 'Least Privilege' Security; Adds support for end-user installation of approved ActiveX and Microsoft Installer components.PORTSMOUTH, N.H. -- DesktopStandard Corporation today announced the release of PolicyMaker(TM) Application Security (PMAS PMAS Policy Maker Application Security PMAS Propulsion Module Attach Structure PMAS Programmed Manpower Authorization System PMAS Photochemical Assessment Monitoring Station (EPA) PMAS Performance Monitoring & Analysis Subsystem ) 2.0, a major upgrade to the patent pending software solution that enables network administrators to enforce the security principle of Least Privilege In computer science and other fields the principle of minimal privilege, also known as the principle of least privilege or just least privilege, requires that in a particular abstraction layer of a computing environment every module (such as a process, a user or a on Windows desktops via Microsoft's Group Policy change and configuration management system. PMAS was the first product to make it possible to reduce or elevate permissions on a per-application or per-task basis, removing longstanding barriers to implementation of the security best practice of Least Privilege A basic principle in information security that holds that entities (people, processes, devices) should be assigned the fewest privileges consistent with their assigned duties and functions. . With this add-on to the Group Policy Management Console A terminal or workstation used to monitor and control a network. See Microsoft Management Console. (GPMC (1) (Group Policy Management Console) A Microsoft Management Console (MMC) snap-in for the Windows Server 2003 and XP (with .NET) operating systems. It is used to manage policy settings across multiple Active Directory domains. ), administrators can adjust application privilege levels to the lowest possible point in order to limit damages stemming from network attacks or user error. The ability to control security at such a granular level also helps organizations comply with regulatory mandates such as the Sarbanes-Oxley, HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, and Gramm-Leach-Bliley acts. The product allows administrators to: --Elevate the permission level for restricted users who are performing selected tasks or running applications that require higher privileges than those to which the user is normally entitled. This eliminates the need to raise each user's privilege levels for all applications which would expose the network to unnecessary risk. --Reduce the permission level for administrators working on general applications, such as Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. and Microsoft Outlook For the e-mail and news client bundled with certain versions of Microsoft Windows, see . Microsoft Outlook or Outlook (full name Microsoft Office Outlook . This avoids the use of full administrative permissions for applications that do not have such a need, and without the need to log out and then in as a different user, use the Windows RunAs utility to work under a second user account, or invoke other complicated procedures that reduce productivity. --Allow restricted users to install approved ActiveX controls while running Internet Explorer in their restricted user security context. This new feature makes restricted user scenarios much more practical, as many organizations have extensive libraries of ActiveX controls or allow use of such controls that install from approved third party sites - including Adobe's Acrobat Reader The former name of Adobe Reader. See PDF. for example. --Provide self-service software installation points for restricted users, greatly reducing administrator workload in supporting unmanaged software installation without compromising security. Many organizations have libraries of software packages that end-users may elect to install by simply browsing to them on a network location. This new feature makes it a simple task to support secure elevated permissions installation of such executable and Windows Installer Microsoft's installation system for Windows. The installer, which is available in Visual Studio and other stand-alone programs, compresses the application into .MSI "package" files, and the MSIEXEC.EXE program in the Windows PC performs the installation. Transform files (. packages. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. DesktopStandard CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. Eric Voskuil, "Windows provides a Group Policy setting that allows administrators to specify that all Windows Installer packages install with administrator permissions. The use of this feature effectively makes the end-user an administrator, as any package they choose to install will run with administrator permissions. With PolicyMaker's secure self-service installation points, software installations are elevated only for packages that the network administrator has placed into the approved network shares." Keith Brown, Network Administrator for Gwinnett Health System, a Georgia Medical Center that serves nearly a half million patients per year, stated, "PolicyMaker Application Security is an invaluable part of our strategy to enforce the Principle of Least Privilege. We have several applications in our environment that require administrator rights, and without PolicyMaker Application Security, enforcing Least Privilege would be impossible. Since PolicyMaker Application Security is a Group Policy extension, we can easily apply policy settings to elevate or restrict the rights on applications, without giving the user administrative rights over the workstation. With the version 2.0 we'll be able to apply policies that will allow us to control what ActiveX controls and MSI MSI: see integrated circuit. (1) (MicroSoft Installer) See Windows Installer. (2) (Medium Scale Integration) Between 100 and 3,000 transistors on a chip. See SSI, LSI, VLSI and ULSI. packages end-users can install, all while enforcing Least Privilege and keeping my users locked down and safe from spyware, malware, root kits and viruses. This is an essential aspect of our security strategy." The complete suite of PolicyMaker products offers a total of 24 extensions to the Group Policy system that has been integrated with Active Directory since the release of Windows 2000. These extensions complement the 11 native extensions that ship with Windows. All PolicyMaker products seamlessly integrate with Microsoft's Group Policy Management Console, including backup, restore, import, copy, edit, and RSoP capabilities. PolicyMaker settings can be targeted using any of 25 graphical filtering categories. Pricing, Specifications and Availability PolicyMaker Application Security 2.0 is available immediately from DesktopStandard and authorized resellers. Pricing starts at $27 per seat for enterprises with less than 1,000 computers, including one year of upgrade assurance and technical support. PolicyMaker supports Windows 2000, XP and 2003 Server, Terminal Server, MetaFrame and all versions of Outlook, Office and Internet Explorer. About DesktopStandard Corporation DesktopStandard Corporation is the leading developer of Group Policy-based enterprise desktop management products. The company has more than 3,500 customers, more than 4 million desktops under management and a worldwide network of integrators and resellers. DesktopStandard is a Microsoft Gold Certified ISV (Independent Software Vendor) A person or company that develops software. It implies an organization that specializes in software only and is not part of a computer systems or hardware manufacturer. . DesktopStandard has provided a long string of innovative and integrated Group Policy firsts. PolicyMaker Standard Edition was the first product based on Group Policy Extension (first released in 2003), eliminating the need for logon and startup scripting. PolicyMaker Software Update (2004) was the first Group Policy-based patch management product. PolicyMaker Application Security (2004) was the first product to allow administrators to assign permissions to applications and tasks, enabling Least Privilege on Windows. PolicyMaker Share Manager (2005) was the first product to provide Group Policy support for file servers and Windows Server 2003 Access-Based Enumeration 1. (mathematics) enumeration - A bijection with the natural numbers; a counted set. Compare well-ordered. 2. (programming) enumeration - enumerated type. . GPOVault (2005) was the first product to integrate Group Policy change control and offline editing into Microsoft's Group Policy Management Console (GPMC). DesktopStandard products have won many prestigious awards, including the "Most Innovative Product of 2005" (Windows IT Pro Windows IT Pro (ISSN-1552-3136) is a trade publication and web site owned by Penton Media serving the information needs of IT professionals in various fields including data processing, software development and programming. Readers' Choice Awards), "Most Valuable Product" (Redmond Magazine), "Best Product of 2005 - Policy Management" (MSD (MicroSoft Diagnostics) A utility that accompanied Windows 3.1 and DOS 6 that reported on the internal configuration of the PC. A variety of information on disks, video, drivers, IRQs and port addresses was provided. 2D People's Choice Security Award), and the "2004 Active Directory Product of the Year" (SearchWin2000.com). For more information, visit www.desktopstandard.com. DesktopStandard, PolicyMaker and GPOVault are the trademarks or registered trademarks of DesktopStandard Corporation. Other product and company names herein may be trademarks of their registered owners. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion