Google Frame: Bypassing Security, Lockdown & Admin controls – A mockery, or an awakening to managing the Unknown?

June 22, 2011

Google has just launched a new version of Google Frame – a plug-in designed for Internet Explorer based on the open-source Chromium project. Unfortunately, it presents a significant problem for IT departments, in that users can install the plug-in even if they don’t have Administrator Rights on their desktop. Now, I am not picking on Google in this blog, but using Google Frame as an excellent example of how unauthorized and unknown software can easily enter corporate desktops that are only protected by managing and blocking ‘known’ code and software.

Back to Google Frame: a comment on the Hacker News site sums this up nicely, saying:

“Yay for clever technical hacks that help users circumvent ossified IT bureaucracy. But I’m a little astonished that this is possible. They’re running a second process that detects new instances of IE starting up and injects Chrome Frame into them. Doesn’t that make a mockery of ‘admin rights’?”

Fair comment indeed… but those Admin rights are often there for a reason – to protect the desktop, the data and the user from unknown software. Google isn’t doing end-users any favours by circumventing established security protocols – it will just encourage IT departments to try and lock down desktops even further.

According to an insightful article from Cade Metz at The Register: “Google is well aware of this. But the company says that if admins don’t like it, they can use separate Google admin tools to stop it from happening.” But that assumes IT admins are aware of the issue, and of the separate Google admin tools, in the first place in order to control it... ouch?!

My thought here is – you only know what you know, and you don’t know what you don’t know – which makes some aspects of managing the desktop, especially in this case, a reactive, firefighting process for some IT departments.

My question therefore is – How can you control, manage and protect against the unknown?!

The answer to my question, for AppSense customers concerned about this issue: I’m happy to confirm that this is handled automatically, out of the box, by Application Manager. One of the requirements of a User Virtualization solution is to dynamically and automatically control application entitlement and what a user can introduce and execute in their desktop environment. For over 10 years Application Manager has been protecting millions and millions of corporate desktops around the world. AppSense will recognise any attempt by the user to install or run any unknown or unauthorized piece of software, even a plug-in, and block it unless permission has been given.

AppSense User Virtualization achieves this with a kernel-level filter driver within the Windows operating system. This filter intercepts all execution requests, whether for known or unknown software, scripts, DLLs etc., before an application or code actually launches or executes, to determine whether the request is to be authorized or prohibited. Any unauthorized requests are blocked and the user receives a message, configurable by the administrator, stating that execution has been denied. Authorization or denial can be managed in a number of ways:

AppSense Trusted Ownership: Managing the Unknown

Protect the system without complex lists and constant management. Only code installed and owned by ‘trusted owners’ is allowed to execute. By using this method, current application access policy is immediately enforced ‘out of the box’ without the need for scripting or list management. In this case, Google Frame would be prevented from running the installation and the application is blocked automatically, even though the code itself is unknown to the IT department! – Problem Solved. (Note – the trusted owners list can be extended to suit any environment or content directory infrastructure.)

White & Black List Configurations: Granular Management of the Known

White & black list configurations can be used in conjunction with Trusted Ownership to control known applications which pass the NTFS owner check. Applications that users should not have access to, such as administrator-owned tools like cmd.exe or ftp.exe, are automatically denied. Or, create white lists to guarantee only known and trusted applications can execute on a system.
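
The NTFS owner check and deny list described above can be modelled in PowerShell to audit a directory tree. This is an added example, not AppSense code or code from the original post; the trusted-owner SID set, the `Test-TrustedOwnership` function name and the audited directory are assumptions.

```powershell
# Added example (not AppSense code): owner-based allow/deny decision for files on NTFS.
# Assumption: these well-known SIDs make up the trusted-owner set.
$TrustedOwnerSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)
# Deny list: the admin-owned tools the post names; they pass the owner check but stay blocked.
$DenyList = @('cmd.exe', 'ftp.exe')

function Test-TrustedOwnership {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string[]]$TrustedSids = $TrustedOwnerSids,
        [string[]]$Denied = $DenyList
    )
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $acl  = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
    # Compare by SID so localized or renamed account names still match.
    $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value

    if ($Denied -contains $item.Name) {
        $decision = 'Deny';  $reason = 'on deny list'
    } elseif ($TrustedSids -contains $ownerSid) {
        $decision = 'Allow'; $reason = 'trusted owner'
    } else {
        $decision = 'Deny';  $reason = 'owner not trusted'
    }
    [pscustomobject]@{
        Path = $item.FullName; Owner = $acl.Owner; OwnerSid = $ownerSid
        Decision = $decision;  Reason = $reason
    }
}

# Audit: list executable code under the current user's profile that the owner check would refuse.
Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object {
        try { Test-TrustedOwnership -Path $_.FullName } catch { }   # skip unreadable files
    } |
    Where-Object { $_.Decision -eq 'Deny' } |
    Format-Table Decision, Reason, Owner, Path -AutoSize
```

This reports after the fact what is already on disk; the product described in the post makes the same kind of decision in a kernel filter before execution.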

So… there we have it: while vendors are developing software that can bypass desktop controls and enter the corporate desktop environment, and unknown (malware) threats challenge our IT departments, there is a solution available in the form of AppSense User Virtualization.

If anyone has any further specific thoughts or questions about Google Frame, any other (potentially unknown) applications or User Admin Rights, then please do share them here on the AppSense blog – as ever we love to hear what the community has to say.

Hope this helps, and keen to hear your thoughts…

Gaz