SlideShare a Scribd company logo

Viewfinity Privilege Management Support for FDCC & USGCB

A
akeophila

The Federal Desktop Core Configuration and U.S. Government Configuration Baseline constitute a list of security settings recommended by the National Institute of Standards and Technology for computers that are connected directly to the network of a United States government agency. Viewfinity Privilege Management helps with FDCC and USGCB compliance in desktop lock down environments allowing flexible management of administrator rights.

Technology
1 of 6
Download to read offline
Viewfinity Privilege Management Support for FDCC and USGCB FDCC and USGCB The Federal Desktop Core Configuration and U.S. Government Configuration Baseline constitute a list of security settings recommended by the National Institute of Standards and Technology for computers that are connected directly to the network of a United States government agency. In March 2007 the Office of Management and Budget issued a memorandum instructing United States government agencies to develop plans for using the Microsoft Windows XP and Vista security configurations. Released in June 2008, FDCC Major Version 1.0 specifies 674 settings, while Major Version 1.1 (released October 31, 2008) has no new or changed settings, but only expands on reporting options. In 2010, the USGCB was issued as a replacement to the Federal Desktop Core Configuration (FDCC) and provides the baseline settings that Federal agencies are required to implement for security and environmental reasons. Complying with FDCC and USGCB Managing a security structure as defined by the USGCB and FDCC can be a daunting task for any government agency. There are processes and procedures that must be followed to the letter, and it’s imperative that the mandate be implemented and managed. One of the key principles of robust security is removing the local user as a direct Administrator of the computer. However, removing local Administrator rights presents an issue all on its own, as end users require elevated rights to install applications, install drivers (such as printers and ActiveX controls), perform maintenance on the computer, and more. Better Compliance Control through Privilege Management For departments that currently lock down desktops, or who are in the process of meeting these governmental guidelines, Viewfinity offers government agencies the ability to manage administrative rights so that the settings mandated by the USGCB and FDCC security list are not compromised due to functionality needs. Viewfinity Privilege Management features are integrated with Active Directory and allow agency administrators to establish flexible privilege elevation policies for applications and desktop functions that require administrator rights. Desktops continue to operate within the least privileges mode except for those functions flagged by the agency administrator for elevated privileges, such as:  Applications: Elevate privileges to administrative rights per application, not per desktop  ActiveX: Manage permissions for non-administrative users to install ActiveX applications  Printers: Manage permissions for non-administrative users to install printers or perform application installations (optional)  Windows Services: Raise privileges to perform specific administrative functions (Device Management, Disk Defragmenter, Manage Services and User Accounts & Shares) 1050 Winter Street Waltham, MA 02451  781.522.7474 www.viewfinity.com
Policy Management: Automating USGCB and FDCC Compliance Policies Viewfinity Privilege Management features offer IT departments new methods for enforcing USGDB and FDCC compliance policies on all its PC assets regardless of the endpoint client’s location or connectivity status. Both officially supported applications and those installed by end users can be better managed and provisioned. Upon installation, they automatically become part of the pool of applications that are managed according to your predefined policies. Administrators can be assured that no matter what end users might be doing while working offsite, all established USGCD and FDCC compliance rules are continuously enforced. Critical applications can be grouped by agency/work units or functional roles and then associated with groups of computers for which a set of policies should be applied. Enforcement criteria range from notification-only of certain application installation or usage to imposing security rules by blocking black listed applications. With our automated policy management, Viewfinity addresses the needs of both end users and IT. While ensuring desktop security, end users have the flexibility to install applications that normally are not allowed on government assets. Viewfinity Privilege Management features provide the ability to restrict individual applications from operating on your network on a per-machine or per-group basis. Applications can be restricted entirely or simply hidden during working hours while still remaining available to the end user for home or travel use. Flexible, Configurable Rules Rules are customizable by groups, by application, and even by time period as defined by your IT hierarchy and policies. Corresponding alerts are set to monitor desktops and notify system administrators, and for specific predetermined guidelines, take action in the event of any end user policy violation. This ensures that the time and investment made by IT departments setting USGCB and FDCC IT policies are enforced automatically in real-time, without intervention by IT staff. Viewfinity FDCC Compliance Verification Activity Auditing Viewfinity supports real-time monitoring and recording of laptop, desktop and application events, providing the administrator with an auditable record of all changes being made on the laptop or desktop. Viewfinity’s precise activity recording feature provides a picture of all meaningful user/application activity for every laptop and desktop. When an audit needs to be performed on a specific PC, our Activity Recording feature both expedites the process, as well as aiding in the interpretation of the results of information collected. The IT Administrator simply accesses the desktop activity journal for the specific end user and a record of all recent desktop activities appears. USGCB and FDCC Policy Auditing A key component for USGCB and FDCC policy management is the ability to audit and report on the status of privilege management policies. Administrators should not have to go through the process of remotely connect to a PC to validate that a policy is in effect. Instead, IT needs centralized management capabilities to report on and review the status of policies to determine whether they have been successfully delivered and are activated. 1050 Winter Street Waltham, MA 02451  781.522.7474 www.viewfinity.com
Flexible Implementation Methodologies In support of the Federal Government’s Apps.gov cloud initiative to move applications to the cloud, Viewfinity Privilege Management can be implemented through our SaaS/Cloud platform or via your on-premise servers as a private cloud, or as an extension to Group Policy, enabling policies to be managed through the standard Group Policy Management tools. Privilege Management Functionality Components for USGCB and FDCC Elevate Privileges Certain Windows applications and desktop functions require local administrative privileges in order to run and function properly on a desktop or laptop. Granting Full Administrator Rights creates a less secure desktop environment and opens the door for malicious hackers and viruses, thus organizations consider the practice of granting Administrator Rights to standard users to be risky. It also breaches compliance regulations posed by these mandates, which stipulate that administrative rights cannot be granted to end users and may not be made available on federal desktops and laptops. Viewfinity solves this problem by elevating administrative rights for certain processes or applications rather than at the user account level. When permissions are raised, the elevation is performed directly within the security token of the user account. The application or process is started using the current user credentials as opposed to using RUN AS which needs the Administrative account in order to raise privileges. The RUN AS method potentially introduces security risks and issues for changes that are written into current user registry. All elevation rules are applied in a real time and do not require users to cycle through the log off/log on process. Viewfinity doesn’t require desktops to be part of the domain or to be attached to the central network in order for privilege elevation policies to be delivered. Detailed reporting provides intelligence on all administrator privilege policies, including an audit trail report that provides confirmation that a policy has been delivered and activated on endpoint devices. Elevate Privileges supports ActiveX Controls, printer installations, computer management functions, and applications requiring administrator rights for local, remote and mobile users. Policies are delivered as soon as the PC connects to the internet. 1050 Winter Street Waltham, MA 02451  781.522.7474 www.viewfinity.com
Benefits and Features: Key Benefits of Elevate Privileges: Key Features of Elevate Privileges: •Automates privilege management by bringing •ActiveX: Manages permissions for non- endpoints into full compliance with corporate administrative users to install ActiveX Controls software policies as soon as they connect to the Internet •Printers: Manages permissions for non- administrative users to install printers • Ensures USGCB/FDCC, SOX, and HIPPA compliance through centralized control and •Computer Management Functions: Raises regulation of PC administrative rights privileges to perform specific administrative functions (Device Management, Disk • Increases user satisfaction by providing flexible Defragmenter, Manage Services and User application policies instead of completely Accounts & Shares) blocking non-standard applications •Applications: Elevates administrative privileges •Prevents the use of applications that create for approved applications without compromising security risks security on the PC (managed via central console, no desk-side visits required) •Reduces probability of malicious and virus attack on corporate laptops & desktops •Remote/Mobile Clients: Automatically delivers policy to remote clients as soon as the PC •Eliminates security risks by attaching connects to the internet administrative rights to Windows applications and processes rather than adding users to the •Reports: Confirms policy delivery status to administrators group ensure policies were applied Block Application Each organization has list of known applications which they do not want installed on its desktops. In some cases, IT may want to permanently prevent users from installing certain applications, while for other applications, blocking the execution of an application maybe a temporary measure. In order to stop unwanted software installations, some organizations opt to completely lockdown its desktops. This approach can be unproductive for end users as it doesn’t offer any flexibility for supporting non-standard requirements, such as the needs of traveling or remote users. Using Viewfinity, the IT Administrator may establish policies that identify applications (by group if needed) that should be blocked from executing on agency desktops and laptops. For example, a particular division may have a specific policy that prohibits any Instant Messaging software form executing. Viewfinity automatically enforces this policy for division members of that AD group, ensuring that these PCs are intact with USGCB and FDCC compliance regulations. Policies can be set for multiple combinations software such as Skype, ICQ, Yahoo Messenger, AOL, etc. Policies can also be flagged to unblock usage of specific applications while the end user is not connected to the internal network. 1050 Winter Street Waltham, MA 02451  781.522.7474 www.viewfinity.com
Benefits and Features of Block Application : Key Benefits of Block Application: Key Features of Block Application: •Secures desktops & laptops by blocking • Allows logical grouping of business applications execution of black listed software and sets protection policies based on business unit's common applications, roles, etc. • Easily implements polices on PCs located outside of your internal network •Creates work and home profiles containing applications that can be activated / deactivated • Prevents the use of applications that create accordingly security risks •Provides flexible application lockdown and •Reduces the time IT spends maintaining a maintains standard application configurations standard desktop image used to rollback to protected state •Manages and secures applications from a Central •Provides flexible scheduler allowing applications Management Console - no need for individual to be block based on timeframe desk-side visits •Ability to apply "block" policies based end user location (on/off ) corporate network Policy Automation powered by Zero Touch Technology Viewfinity’s Policy Automation is the automatic detection and capture of the need for elevated permissions, combined with the ability to create the appropriate policy and authorize the privilege elevation request on the fly. When an end-user tries to run a particular application or perform a task that requires elevated permissions, the Viewfinity Agent automatically detects this and opens a dialog box where the user can enter his business justification for using this particular application. The Viewfinity agent automatically routes the request to the IT Administrator via the Viewfinity Console, or by way of a report or an email. The IT Administrator can approve and activate the policy and elevate the privilege on the fly. Prior to approval, the IT Administrator can review the business justification provided by the end user as well as information about applications or task from the computer/user that initiated the request. Information related to Applications, ActiveX, Administrative Task, Scripts, etc. is automatically collected during the Policy Automation process. Policies are automatically created without manual intervention. Viewfinity Local Admin Discovery This complimentary tool identifies user accounts and groups that are members of the local “Administrators” built-in user group on computers in your Windows domain. Having detailed information related to which users and groups have administrator rights on corporate desktops allows you to reassess who should have these rights. Once the analysis has been run, IT Administrators can take action, if needed, by removing the users or suspicious groups from the Administrators group. Pre-Discover Applications Requiring Elevated Permissions Silently gather information and monitor which applications, processes, and administrative actions will require administrative permission before users are removed from the local admin group. Our Application Admin Rights Analysis is based on end user activity and is collected over a period of time to ensure all events are captured. Once the collection and analysis is completed, policies to elevate privileges can be automatically created and prepared in advance so that when 1050 Winter Street Waltham, MA 02451  781.522.7474 www.viewfinity.com
administrative rights are removed, the policies are in place to ensure a non-disruptive move to least privileges. Video Audit / Policy Audit A key component for policy management is the ability to audit and report on the status of privilege management policies. Administrators should not have to go through the process of remotely connect to a PC to validate that a policy is in effect. Instead, IT needs centralized management capabilities to report on and review the status of policies to determine whether they have been successfully delivered and are activated. During a corporate audit, it is critical to know which applications are running with elevated rights, which are blocked, and to monitor the administrator who is enforcing these rules. Screen recording per Application/Policy: Automatically creates and stores a screen recorded video of user activity based upon a particular application or policy. IT Administrators can elect to record user actions based upon specific policies and/or applications. This feature has wide-spread usage and appeal considering the type of information that can be recorded and used for policy auditing purposes. For example, you can monitor a user session during which the user has elevated permissions to install an application or it can be used for monitoring suspicious user activity. Screen recordings can be stored locally or on a network share. Administrator's actions log and reporting: When an admin creates a policy, there is a corresponding audit log that tracks the administrator’s actions and activity. Senior IT management and audit teams gain a clear understand of which policies are being activated/deactivated, created, and removed by the IT team. Integration of policy reports with SCCM Viewfinity offers an add-on component which is deployed on SCCM server that reports privilege management policy usage status and information regarding privilege access request from end users. The SCCM agent can collect Viewfinity policy events such as policy usage, insufficient privileges to install applications or ActiveX, requests from users to perform Administrative tasks such as disk defragmentation or the ability to change power options, etc. All information collected is transferred to the SCCM server through the add-on component. The status of Viewfinity policies and privilege access requests are tracked through the SCCM Console. This helps IT administrators by providing general system management tasks and privilege access activity from one management console. 1050 Winter Street Waltham, MA 02451  781.522.7474 www.viewfinity.com

Recommended

Viewfinity Privilege Management
Viewfinity Privilege ManagementViewfinity Privilege Management
Viewfinity Privilege Management
akeophila
 
SCCM 2007 Presentation
SCCM 2007 PresentationSCCM 2007 Presentation
SCCM 2007 Presentation
Faisal Alvi [MCTS]
 
System Center Configuration Manager and Mobile Device Management
System Center Configuration Manager and Mobile Device ManagementSystem Center Configuration Manager and Mobile Device Management
System Center Configuration Manager and Mobile Device Management
C/D/H Technology Consultants
 
Mdop session from Microsoft partner boot camp
Mdop session from Microsoft partner boot campMdop session from Microsoft partner boot camp
Mdop session from Microsoft partner boot camp
Olav Tvedt
 
Configuration Management: a Critical Component to Vulnerability Management
Configuration Management: a Critical Component to Vulnerability ManagementConfiguration Management: a Critical Component to Vulnerability Management
Configuration Management: a Critical Component to Vulnerability Management
Chris Furton
 
Viewfinity Product Overview
Viewfinity Product OverviewViewfinity Product Overview
Viewfinity Product Overview
akeophila
 
Microsoft System center Configuration manager 2012 sp1
Microsoft System center Configuration manager 2012 sp1Microsoft System center Configuration manager 2012 sp1
Microsoft System center Configuration manager 2012 sp1
solarisyougood
 
2011 11-28 sccm-2012_technical_overview
2011 11-28 sccm-2012_technical_overview2011 11-28 sccm-2012_technical_overview
2011 11-28 sccm-2012_technical_overview
fannaq786
 

Recommended

Viewfinity Privilege Management
Viewfinity Privilege ManagementViewfinity Privilege Management
Viewfinity Privilege Management
akeophila
 
SCCM 2007 Presentation
SCCM 2007 PresentationSCCM 2007 Presentation
SCCM 2007 Presentation
Faisal Alvi [MCTS]
 
System Center Configuration Manager and Mobile Device Management
System Center Configuration Manager and Mobile Device ManagementSystem Center Configuration Manager and Mobile Device Management
System Center Configuration Manager and Mobile Device Management
C/D/H Technology Consultants
 
Mdop session from Microsoft partner boot camp
Mdop session from Microsoft partner boot campMdop session from Microsoft partner boot camp
Mdop session from Microsoft partner boot camp
Olav Tvedt
 
Configuration Management: a Critical Component to Vulnerability Management
Configuration Management: a Critical Component to Vulnerability ManagementConfiguration Management: a Critical Component to Vulnerability Management
Configuration Management: a Critical Component to Vulnerability Management
Chris Furton
 
Viewfinity Product Overview
Viewfinity Product OverviewViewfinity Product Overview
Viewfinity Product Overview
akeophila
 
Microsoft System center Configuration manager 2012 sp1
Microsoft System center Configuration manager 2012 sp1Microsoft System center Configuration manager 2012 sp1
Microsoft System center Configuration manager 2012 sp1
solarisyougood
 
2011 11-28 sccm-2012_technical_overview
2011 11-28 sccm-2012_technical_overview2011 11-28 sccm-2012_technical_overview
2011 11-28 sccm-2012_technical_overview
fannaq786
 
Microsoft System Center Configuration Manager 2012 R2 Installation
Microsoft System Center Configuration Manager 2012 R2 InstallationMicrosoft System Center Configuration Manager 2012 R2 Installation
Microsoft System Center Configuration Manager 2012 R2 Installation
Shahab Al Yamin Chawdhury
 
Sccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaSccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estonina
Microsoft Singapore
 
Sccm 2012
Sccm 2012Sccm 2012
Sccm 2012
ebuc
 
System Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 OverviewSystem Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 Overview
Amit Gatenyo
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review Course
Desmond Devendran
 
FlexNet Manager Platform Datasheet
FlexNet Manager Platform DatasheetFlexNet Manager Platform Datasheet
FlexNet Manager Platform Datasheet
Flexera
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computing
guestc1bca2
 
Software License Optimization Managed Services
Software License Optimization Managed ServicesSoftware License Optimization Managed Services
Software License Optimization Managed Services
Flexera
 
ITCamp 2011 - Adrian Stoian - System Center Configuration Manager 2012
ITCamp 2011 - Adrian Stoian - System Center Configuration Manager 2012ITCamp 2011 - Adrian Stoian - System Center Configuration Manager 2012
ITCamp 2011 - Adrian Stoian - System Center Configuration Manager 2012
ITCamp
 
Desktop Management: Achieving Unrivaled Performance
Desktop Management: Achieving Unrivaled PerformanceDesktop Management: Achieving Unrivaled Performance
Desktop Management: Achieving Unrivaled Performance
ScriptLogic
 
Installation
InstallationInstallation
Installation
Chuan Ha Quang
 
System Center Configuration Manager-The Most Popular System Center Component
System Center Configuration Manager-The Most Popular System Center Component System Center Configuration Manager-The Most Popular System Center Component
System Center Configuration Manager-The Most Popular System Center Component
C/D/H Technology Consultants
 
The Business Value of System Center 2012
The Business Value of System Center 2012The Business Value of System Center 2012
The Business Value of System Center 2012
jmustac
 
Wizard intro
Wizard introWizard intro
Wizard intro
shanmuka sreenivas
 
Audit Tools for Genesys Contact Centers
Audit Tools for Genesys Contact CentersAudit Tools for Genesys Contact Centers
Audit Tools for Genesys Contact Centers
CC Expertise
 
SoftAge eDMS
SoftAge eDMSSoftAge eDMS
SoftAge eDMS
SoftAge Information Technology Limited
 
NCU Business Development on NetIQ IDM
NCU Business Development on NetIQ IDMNCU Business Development on NetIQ IDM
NCU Business Development on NetIQ IDM
NCU Ltd
 
Oracle Open World S308250  Securing Your People Soft Application Via Idm
Oracle Open World S308250  Securing Your People Soft Application Via IdmOracle Open World S308250  Securing Your People Soft Application Via Idm
Oracle Open World S308250  Securing Your People Soft Application Via Idm
edwinlorenzana
 
DoChronicle
DoChronicleDoChronicle
DoChronicle
SoftAge Information Technology Limited
 
Riding the wave towards customer centricity aziz amirali 3_p
Riding the wave towards customer centricity aziz amirali 3_pRiding the wave towards customer centricity aziz amirali 3_p
Riding the wave towards customer centricity aziz amirali 3_p
Microsoft Singapore
 
Owny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring FeaturelistOwny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring Featurelist
NCS Computech Ltd.
 
Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management...
Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management...Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management...
Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management...
Flexera
 

More Related Content

What's hot

Sccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaSccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estonina
Microsoft Singapore
 
Sccm 2012
Sccm 2012Sccm 2012
Sccm 2012
ebuc
 
System Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 OverviewSystem Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 Overview
Amit Gatenyo
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review Course
Desmond Devendran
 
ITCamp 2011 - Adrian Stoian - System Center Configuration Manager 2012
ITCamp 2011 - Adrian Stoian - System Center Configuration Manager 2012ITCamp 2011 - Adrian Stoian - System Center Configuration Manager 2012
ITCamp 2011 - Adrian Stoian - System Center Configuration Manager 2012
ITCamp
 
Desktop Management: Achieving Unrivaled Performance
Desktop Management: Achieving Unrivaled PerformanceDesktop Management: Achieving Unrivaled Performance
Desktop Management: Achieving Unrivaled Performance
ScriptLogic
 
System Center Configuration Manager-The Most Popular System Center Component
System Center Configuration Manager-The Most Popular System Center Component System Center Configuration Manager-The Most Popular System Center Component
System Center Configuration Manager-The Most Popular System Center Component
C/D/H Technology Consultants
 
Riding the wave towards customer centricity aziz amirali 3_p
Riding the wave towards customer centricity aziz amirali 3_pRiding the wave towards customer centricity aziz amirali 3_p
Riding the wave towards customer centricity aziz amirali 3_p
Microsoft Singapore
 

What's hot (20)

Microsoft System Center Configuration Manager 2012 R2 Installation
Microsoft System Center Configuration Manager 2012 R2 InstallationMicrosoft System Center Configuration Manager 2012 R2 Installation
Microsoft System Center Configuration Manager 2012 R2 Installation
 
Sccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaSccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estonina
 
Sccm 2012
Sccm 2012Sccm 2012
Sccm 2012
 
System Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 OverviewSystem Center Configuration Manager 2012 Overview
System Center Configuration Manager 2012 Overview
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review Course
 
FlexNet Manager Platform Datasheet
FlexNet Manager Platform DatasheetFlexNet Manager Platform Datasheet
FlexNet Manager Platform Datasheet
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computing
 
Software License Optimization Managed Services
Software License Optimization Managed ServicesSoftware License Optimization Managed Services
Software License Optimization Managed Services
 
ITCamp 2011 - Adrian Stoian - System Center Configuration Manager 2012
ITCamp 2011 - Adrian Stoian - System Center Configuration Manager 2012ITCamp 2011 - Adrian Stoian - System Center Configuration Manager 2012
ITCamp 2011 - Adrian Stoian - System Center Configuration Manager 2012
 
Desktop Management: Achieving Unrivaled Performance
Desktop Management: Achieving Unrivaled PerformanceDesktop Management: Achieving Unrivaled Performance
Desktop Management: Achieving Unrivaled Performance
 
Installation
InstallationInstallation
Installation
 
System Center Configuration Manager-The Most Popular System Center Component
System Center Configuration Manager-The Most Popular System Center Component System Center Configuration Manager-The Most Popular System Center Component
System Center Configuration Manager-The Most Popular System Center Component
 
The Business Value of System Center 2012
The Business Value of System Center 2012The Business Value of System Center 2012
The Business Value of System Center 2012
 
Wizard intro
Wizard introWizard intro
Wizard intro
 
Audit Tools for Genesys Contact Centers
Audit Tools for Genesys Contact CentersAudit Tools for Genesys Contact Centers
Audit Tools for Genesys Contact Centers
 
SoftAge eDMS
SoftAge eDMSSoftAge eDMS
SoftAge eDMS
 
NCU Business Development on NetIQ IDM
NCU Business Development on NetIQ IDMNCU Business Development on NetIQ IDM
NCU Business Development on NetIQ IDM
 
Oracle Open World S308250  Securing Your People Soft Application Via Idm
Oracle Open World S308250  Securing Your People Soft Application Via IdmOracle Open World S308250  Securing Your People Soft Application Via Idm
Oracle Open World S308250  Securing Your People Soft Application Via Idm
 
DoChronicle
DoChronicleDoChronicle
DoChronicle
 
Riding the wave towards customer centricity aziz amirali 3_p
Riding the wave towards customer centricity aziz amirali 3_pRiding the wave towards customer centricity aziz amirali 3_p
Riding the wave towards customer centricity aziz amirali 3_p
 

Similar to Viewfinity Privilege Management Support for FDCC & USGCB

Owny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring FeaturelistOwny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring Featurelist
NCS Computech Ltd.
 
Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management...
Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management...Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management...
Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management...
Flexera
 
Solve Employee Experience, Security, and Silo Problems with HCL BigFix Workspace
Solve Employee Experience, Security, and Silo Problems with HCL BigFix WorkspaceSolve Employee Experience, Security, and Silo Problems with HCL BigFix Workspace
Solve Employee Experience, Security, and Silo Problems with HCL BigFix Workspace
HCLSoftware
 
Bc product overview_v2c
Bc product overview_v2cBc product overview_v2c
Bc product overview_v2c
Saurav Aich
 
Hied device Autopilot in Microsoft inTune
Hied device Autopilot in Microsoft inTuneHied device Autopilot in Microsoft inTune
Hied device Autopilot in Microsoft inTune
Rafaelw23
 
Compliance Management System
Compliance Management SystemCompliance Management System
Compliance Management System
RituRaj212449
 

Similar to Viewfinity Privilege Management Support for FDCC & USGCB (20)

Owny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring FeaturelistOwny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring Featurelist
 
Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management...
Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management...Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management...
Meet the BYOD, ‘Computing Anywhere’ Challenge—Planning and License Management...
 
Bigfix Lifecycle - Reduce Cost, Risk of Managing Endpoints
Bigfix Lifecycle - Reduce Cost, Risk of Managing EndpointsBigfix Lifecycle - Reduce Cost, Risk of Managing Endpoints
Bigfix Lifecycle - Reduce Cost, Risk of Managing Endpoints
 
Cybersecurity Strategy Must Include Software License Optimization
Cybersecurity Strategy Must Include Software License OptimizationCybersecurity Strategy Must Include Software License Optimization
Cybersecurity Strategy Must Include Software License Optimization
 
iot-device-management-software-feature-listing.pdf
iot-device-management-software-feature-listing.pdfiot-device-management-software-feature-listing.pdf
iot-device-management-software-feature-listing.pdf
 
Unified Device Management
Unified Device ManagementUnified Device Management
Unified Device Management
 
IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)
 
Mobile Device Management and Their Security Concerns
Mobile Device Management and Their Security ConcernsMobile Device Management and Their Security Concerns
Mobile Device Management and Their Security Concerns
 
Solve Employee Experience, Security, and Silo Problems with HCL BigFix Workspace
Solve Employee Experience, Security, and Silo Problems with HCL BigFix WorkspaceSolve Employee Experience, Security, and Silo Problems with HCL BigFix Workspace
Solve Employee Experience, Security, and Silo Problems with HCL BigFix Workspace
 
Flexera Software App Portal Datasheet
Flexera Software App Portal DatasheetFlexera Software App Portal Datasheet
Flexera Software App Portal Datasheet
 
Comprehensive Mgmt and Monitoring with Citrix Director and Edgesight
Comprehensive Mgmt and Monitoring with Citrix Director and EdgesightComprehensive Mgmt and Monitoring with Citrix Director and Edgesight
Comprehensive Mgmt and Monitoring with Citrix Director and Edgesight
 
FlexNet Manager Suite Cloud
FlexNet Manager Suite CloudFlexNet Manager Suite Cloud
FlexNet Manager Suite Cloud
 
Maintaining Continuous Compliance with HCL BigFix
Maintaining Continuous Compliance with HCL BigFixMaintaining Continuous Compliance with HCL BigFix
Maintaining Continuous Compliance with HCL BigFix
 
Bc product overview_v2c
Bc product overview_v2cBc product overview_v2c
Bc product overview_v2c
 
Hied device Autopilot in Microsoft inTune
Hied device Autopilot in Microsoft inTuneHied device Autopilot in Microsoft inTune
Hied device Autopilot in Microsoft inTune
 
Introduction to Symantec Endpoint Management75.pptx
Introduction to Symantec Endpoint Management75.pptxIntroduction to Symantec Endpoint Management75.pptx
Introduction to Symantec Endpoint Management75.pptx
 
System center 2012 configurations manager
System center 2012 configurations managerSystem center 2012 configurations manager
System center 2012 configurations manager
 
Virtual Desktops for the Enterprise
Virtual Desktops for the EnterpriseVirtual Desktops for the Enterprise
Virtual Desktops for the Enterprise
 
Compliance Management System
Compliance Management SystemCompliance Management System
Compliance Management System
 
Feasibility Study Template for Electronic Software Distribution
Feasibility Study Template for Electronic Software DistributionFeasibility Study Template for Electronic Software Distribution
Feasibility Study Template for Electronic Software Distribution
 

Recently uploaded

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

Viewfinity Privilege Management Support for FDCC & USGCB

  • 1. Viewfinity Privilege Management Support for FDCC and USGCB FDCC and USGCB The Federal Desktop Core Configuration and U.S. Government Configuration Baseline constitute a list of security settings recommended by the National Institute of Standards and Technology for computers that are connected directly to the network of a United States government agency. In March 2007 the Office of Management and Budget issued a memorandum instructing United States government agencies to develop plans for using the Microsoft Windows XP and Vista security configurations. Released in June 2008, FDCC Major Version 1.0 specifies 674 settings, while Major Version 1.1 (released October 31, 2008) has no new or changed settings, but only expands on reporting options. In 2010, the USGCB was issued as a replacement to the Federal Desktop Core Configuration (FDCC) and provides the baseline settings that Federal agencies are required to implement for security and environmental reasons. Complying with FDCC and USGCB Managing a security structure as defined by the USGCB and FDCC can be a daunting task for any government agency. There are processes and procedures that must be followed to the letter, and it’s imperative that the mandate be implemented and managed. One of the key principles of robust security is removing the local user as a direct Administrator of the computer. However, removing local Administrator rights presents an issue all on its own, as end users require elevated rights to install applications, install drivers (such as printers and ActiveX controls), perform maintenance on the computer, and more. Better Compliance Control through Privilege Management For departments that currently lock down desktops, or who are in the process of meeting these governmental guidelines, Viewfinity offers government agencies the ability to manage administrative rights so that the settings mandated by the USGCB and FDCC security list are not compromised due to functionality needs. Viewfinity Privilege Management features are integrated with Active Directory and allow agency administrators to establish flexible privilege elevation policies for applications and desktop functions that require administrator rights. Desktops continue to operate within the least privileges mode except for those functions flagged by the agency administrator for elevated privileges, such as:  Applications: Elevate privileges to administrative rights per application, not per desktop  ActiveX: Manage permissions for non-administrative users to install ActiveX applications  Printers: Manage permissions for non-administrative users to install printers or perform application installations (optional)  Windows Services: Raise privileges to perform specific administrative functions (Device Management, Disk Defragmenter, Manage Services and User Accounts & Shares) 1050 Winter Street Waltham, MA 02451  781.522.7474 www.viewfinity.com
  • 2. Policy Management: Automating USGCB and FDCC Compliance Policies Viewfinity Privilege Management features offer IT departments new methods for enforcing USGDB and FDCC compliance policies on all its PC assets regardless of the endpoint client’s location or connectivity status. Both officially supported applications and those installed by end users can be better managed and provisioned. Upon installation, they automatically become part of the pool of applications that are managed according to your predefined policies. Administrators can be assured that no matter what end users might be doing while working offsite, all established USGCD and FDCC compliance rules are continuously enforced. Critical applications can be grouped by agency/work units or functional roles and then associated with groups of computers for which a set of policies should be applied. Enforcement criteria range from notification-only of certain application installation or usage to imposing security rules by blocking black listed applications. With our automated policy management, Viewfinity addresses the needs of both end users and IT. While ensuring desktop security, end users have the flexibility to install applications that normally are not allowed on government assets. Viewfinity Privilege Management features provide the ability to restrict individual applications from operating on your network on a per-machine or per-group basis. Applications can be restricted entirely or simply hidden during working hours while still remaining available to the end user for home or travel use. Flexible, Configurable Rules Rules are customizable by groups, by application, and even by time period as defined by your IT hierarchy and policies. Corresponding alerts are set to monitor desktops and notify system administrators, and for specific predetermined guidelines, take action in the event of any end user policy violation. This ensures that the time and investment made by IT departments setting USGCB and FDCC IT policies are enforced automatically in real-time, without intervention by IT staff. Viewfinity FDCC Compliance Verification Activity Auditing Viewfinity supports real-time monitoring and recording of laptop, desktop and application events, providing the administrator with an auditable record of all changes being made on the laptop or desktop. Viewfinity’s precise activity recording feature provides a picture of all meaningful user/application activity for every laptop and desktop. When an audit needs to be performed on a specific PC, our Activity Recording feature both expedites the process, as well as aiding in the interpretation of the results of information collected. The IT Administrator simply accesses the desktop activity journal for the specific end user and a record of all recent desktop activities appears. USGCB and FDCC Policy Auditing A key component for USGCB and FDCC policy management is the ability to audit and report on the status of privilege management policies. Administrators should not have to go through the process of remotely connect to a PC to validate that a policy is in effect. Instead, IT needs centralized management capabilities to report on and review the status of policies to determine whether they have been successfully delivered and are activated. 1050 Winter Street Waltham, MA 02451  781.522.7474 www.viewfinity.com
  • 3. Flexible Implementation Methodologies In support of the Federal Government’s Apps.gov cloud initiative to move applications to the cloud, Viewfinity Privilege Management can be implemented through our SaaS/Cloud platform or via your on-premise servers as a private cloud, or as an extension to Group Policy, enabling policies to be managed through the standard Group Policy Management tools. Privilege Management Functionality Components for USGCB and FDCC Elevate Privileges Certain Windows applications and desktop functions require local administrative privileges in order to run and function properly on a desktop or laptop. Granting Full Administrator Rights creates a less secure desktop environment and opens the door for malicious hackers and viruses, thus organizations consider the practice of granting Administrator Rights to standard users to be risky. It also breaches compliance regulations posed by these mandates, which stipulate that administrative rights cannot be granted to end users and may not be made available on federal desktops and laptops. Viewfinity solves this problem by elevating administrative rights for certain processes or applications rather than at the user account level. When permissions are raised, the elevation is performed directly within the security token of the user account. The application or process is started using the current user credentials as opposed to using RUN AS which needs the Administrative account in order to raise privileges. The RUN AS method potentially introduces security risks and issues for changes that are written into current user registry. All elevation rules are applied in a real time and do not require users to cycle through the log off/log on process. Viewfinity doesn’t require desktops to be part of the domain or to be attached to the central network in order for privilege elevation policies to be delivered. Detailed reporting provides intelligence on all administrator privilege policies, including an audit trail report that provides confirmation that a policy has been delivered and activated on endpoint devices. Elevate Privileges supports ActiveX Controls, printer installations, computer management functions, and applications requiring administrator rights for local, remote and mobile users. Policies are delivered as soon as the PC connects to the internet. 1050 Winter Street Waltham, MA 02451  781.522.7474 www.viewfinity.com
  • 4. Benefits and Features: Key Benefits of Elevate Privileges: Key Features of Elevate Privileges: •Automates privilege management by bringing •ActiveX: Manages permissions for non- endpoints into full compliance with corporate administrative users to install ActiveX Controls software policies as soon as they connect to the Internet •Printers: Manages permissions for non- administrative users to install printers • Ensures USGCB/FDCC, SOX, and HIPPA compliance through centralized control and •Computer Management Functions: Raises regulation of PC administrative rights privileges to perform specific administrative functions (Device Management, Disk • Increases user satisfaction by providing flexible Defragmenter, Manage Services and User application policies instead of completely Accounts & Shares) blocking non-standard applications •Applications: Elevates administrative privileges •Prevents the use of applications that create for approved applications without compromising security risks security on the PC (managed via central console, no desk-side visits required) •Reduces probability of malicious and virus attack on corporate laptops & desktops •Remote/Mobile Clients: Automatically delivers policy to remote clients as soon as the PC •Eliminates security risks by attaching connects to the internet administrative rights to Windows applications and processes rather than adding users to the •Reports: Confirms policy delivery status to administrators group ensure policies were applied Block Application Each organization has list of known applications which they do not want installed on its desktops. In some cases, IT may want to permanently prevent users from installing certain applications, while for other applications, blocking the execution of an application maybe a temporary measure. In order to stop unwanted software installations, some organizations opt to completely lockdown its desktops. This approach can be unproductive for end users as it doesn’t offer any flexibility for supporting non-standard requirements, such as the needs of traveling or remote users. Using Viewfinity, the IT Administrator may establish policies that identify applications (by group if needed) that should be blocked from executing on agency desktops and laptops. For example, a particular division may have a specific policy that prohibits any Instant Messaging software form executing. Viewfinity automatically enforces this policy for division members of that AD group, ensuring that these PCs are intact with USGCB and FDCC compliance regulations. Policies can be set for multiple combinations software such as Skype, ICQ, Yahoo Messenger, AOL, etc. Policies can also be flagged to unblock usage of specific applications while the end user is not connected to the internal network. 1050 Winter Street Waltham, MA 02451  781.522.7474 www.viewfinity.com
  • 5. Benefits and Features of Block Application : Key Benefits of Block Application: Key Features of Block Application: •Secures desktops & laptops by blocking • Allows logical grouping of business applications execution of black listed software and sets protection policies based on business unit's common applications, roles, etc. • Easily implements polices on PCs located outside of your internal network •Creates work and home profiles containing applications that can be activated / deactivated • Prevents the use of applications that create accordingly security risks •Provides flexible application lockdown and •Reduces the time IT spends maintaining a maintains standard application configurations standard desktop image used to rollback to protected state •Manages and secures applications from a Central •Provides flexible scheduler allowing applications Management Console - no need for individual to be block based on timeframe desk-side visits •Ability to apply "block" policies based end user location (on/off ) corporate network Policy Automation powered by Zero Touch Technology Viewfinity’s Policy Automation is the automatic detection and capture of the need for elevated permissions, combined with the ability to create the appropriate policy and authorize the privilege elevation request on the fly. When an end-user tries to run a particular application or perform a task that requires elevated permissions, the Viewfinity Agent automatically detects this and opens a dialog box where the user can enter his business justification for using this particular application. The Viewfinity agent automatically routes the request to the IT Administrator via the Viewfinity Console, or by way of a report or an email. The IT Administrator can approve and activate the policy and elevate the privilege on the fly. Prior to approval, the IT Administrator can review the business justification provided by the end user as well as information about applications or task from the computer/user that initiated the request. Information related to Applications, ActiveX, Administrative Task, Scripts, etc. is automatically collected during the Policy Automation process. Policies are automatically created without manual intervention. Viewfinity Local Admin Discovery This complimentary tool identifies user accounts and groups that are members of the local “Administrators” built-in user group on computers in your Windows domain. Having detailed information related to which users and groups have administrator rights on corporate desktops allows you to reassess who should have these rights. Once the analysis has been run, IT Administrators can take action, if needed, by removing the users or suspicious groups from the Administrators group. Pre-Discover Applications Requiring Elevated Permissions Silently gather information and monitor which applications, processes, and administrative actions will require administrative permission before users are removed from the local admin group. Our Application Admin Rights Analysis is based on end user activity and is collected over a period of time to ensure all events are captured. Once the collection and analysis is completed, policies to elevate privileges can be automatically created and prepared in advance so that when 1050 Winter Street Waltham, MA 02451  781.522.7474 www.viewfinity.com
  • 6. administrative rights are removed, the policies are in place to ensure a non-disruptive move to least privileges. Video Audit / Policy Audit A key component for policy management is the ability to audit and report on the status of privilege management policies. Administrators should not have to go through the process of remotely connect to a PC to validate that a policy is in effect. Instead, IT needs centralized management capabilities to report on and review the status of policies to determine whether they have been successfully delivered and are activated. During a corporate audit, it is critical to know which applications are running with elevated rights, which are blocked, and to monitor the administrator who is enforcing these rules. Screen recording per Application/Policy: Automatically creates and stores a screen recorded video of user activity based upon a particular application or policy. IT Administrators can elect to record user actions based upon specific policies and/or applications. This feature has wide-spread usage and appeal considering the type of information that can be recorded and used for policy auditing purposes. For example, you can monitor a user session during which the user has elevated permissions to install an application or it can be used for monitoring suspicious user activity. Screen recordings can be stored locally or on a network share. Administrator's actions log and reporting: When an admin creates a policy, there is a corresponding audit log that tracks the administrator’s actions and activity. Senior IT management and audit teams gain a clear understand of which policies are being activated/deactivated, created, and removed by the IT team. Integration of policy reports with SCCM Viewfinity offers an add-on component which is deployed on SCCM server that reports privilege management policy usage status and information regarding privilege access request from end users. The SCCM agent can collect Viewfinity policy events such as policy usage, insufficient privileges to install applications or ActiveX, requests from users to perform Administrative tasks such as disk defragmentation or the ability to change power options, etc. All information collected is transferred to the SCCM server through the add-on component. The status of Viewfinity policies and privilege access requests are tracked through the SCCM Console. This helps IT administrators by providing general system management tasks and privilege access activity from one management console. 1050 Winter Street Waltham, MA 02451  781.522.7474 www.viewfinity.com