Tuesday 26 October 2010

BeyondTrust PowerBroker Desktops, Free Edition

While I’m on the subject of free solutions for elevating processes to run with administrative privilege under a standard user account, BeyondTrust have recently rebranded their Privilege Manager product, now called PowerBroker Desktops, and have released a free version of the software.

The product differs from a fully licensed version in that your own custom rules cannot be deployed centrally using Active Directory Group Policy. All rules can be deployed via local GPOs, and template rules, i.e. those built-in to PowerBroker to allow system administrators to quickly grant rights for specific Windows features, can be deployed using Active Directory Group Policy. So central management using AD Group Policy Objects, isn’t as complete as ScriptLogic’s free solution, Privilege Authority.

On the flip side, PowerBroker Desktops Free Edition is more fully featured than Privilege Authority and integrated properly with Group Policy and the Group Policy Management Console (GPMC). PowerBroker is definitely worth checking out for smaller organizations that are looking to implement least privilege security on the desktop.

ScriptLogic’s Privilege Authority

I recently discovered a free offering from ScriptLogic that allows system administrators to grant standard users administrative rights for specified processes, in much the same way as commercial products. ScriptLogic doesn’t support Privilege Authority, although there is a community support forum which is active at http://privilegeauthority.com, so it may not be suitable for use in large organizations that would depend on the software as part of their mission critical infrastructure.

Privilege Authority has its own server console for administering Group Policy settings, and before use, you have to provide an email address. When configuring new settings to deploy to clients, there is a list of standard rules for common applications, and rules can also be imported from the Rules Exchange on the community forum. User defined rules, can of course, also be created and exported.

While not as fully featured or elegant as products from the main players, Avecto and BeyondTrust, Privilege Authority provides a potential alternative for smaller organizations that cannot get funding to deploy a commercial solution.