Solved

Application Control/Whitelisting

Posted on 2010-08-24
4
669 Views
Last Modified: 2012-05-10
I'm trying to look for a solution to removing admin rights from end users. I've looked at Beyond Trust and then started looking into Application Whitelisting vendors such as Bit9, Lumension, and McAfee. I'm wanting to see if anyone out here has used any of these solutions or any others for the same reasons or if they have suggestions. Application whitelisting looks to be a more secure and has many more features for us to control our endpoints as they also have Device Control which would be an added bonus. Any input with your experiences removing admin rights or using application whitelisting would be greatly appreciated.
0
Comment
Question by:hpmhelpdesk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 2

Expert Comment

by:Nirev
ID: 33514172
What have you done so far to limit your users? did you try giving them user level access by changing it under the users in control panel? what kind of limitations are you looking at? In my situations, normally I will drop them to the lowest permissions so that nobody can change any of the computer's contents. Even going as far as preventing access to the local drive. All files and my documents are stored in a network drive.
0
 

Author Comment

by:hpmhelpdesk
ID: 33514839
We are in a domain and so far they have no limits locally but we are looking to change that to user level access and then either using Beyond Trust to elevate rights or use application whitelisting to block unwanted apps and control what they can install.
0
 
LVL 2

Accepted Solution

by:
Nirev earned 500 total points
ID: 33515350
Honestly, there are tons of apps out there to block and to allow. Especially with users, someone will need something unlisted and installed sometime along the way. And figuring out if that application requires administrative rights to run and what not are time consuming and fustrating.

I would recommend that you evaluate the applications that you need to run in administrative mode and how often those are used before investing into such 3rd party admin rights apps, since most of these don't come cheap and the additional hassle to manage. Consider using a spare PC as a common system with virtual pc/os for the department to use should they need to test apps and etc.
0

Featured Post

Prevent Ransomware with Total Security Suite

With recent ransomware attacks topping the headlines, it might seem like there'e no hope in the battle against these advanced threats. Learn more about how WatchGuard's Total Security Suite can effectively prevent ransomware attacks including Petya 2.0 and WannaCry!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question