Review: ScriptLogic Privilege Authority
March 30, 2011
Today I received an email from ScriptLogic announcing Privilege Authority 2.0, which includes a free community edition. There are many solutions that support the principle of least privilege. Some deal only with this challenge, while others offer the feature as part of a broader solution.
The idea is that administrators can configure specific processes to launch with elevated privileges without elevating the user account itself.
Installation
The installation of Privilege Authority is pretty easy. A simple setup on the server side installs the management console.

Once the console is installed, you can install a client on the console machine from the menu. Remote clients can be installed with a Windows Installer package that can be found under ‘Client\Open file location’.

I installed the server component on Windows Server 2003 R2 and the client component on Windows 7. Neither installation required a reboot.
Configuration
Once the clients are installed, configuration is done through Group Policy Objects (GPO). The Community section provides many pre-defined rules created by the community.
Let’s create a rule on a newly created GPO to elevate the Command Prompt process with the BUILTIN\Administrators group and an additional DEMO\Cheese group. The DEMO\Cheese group has no members.


Additionally you can add other groups to the security token of the process. Advanced options allow you to manage the actual privileges.
A test button allows you to test the rule from within the console.

Now, simply link the newly created GPO to the appropriate Organizational Units (OU) where the endpoints reside and off you go.
To validate the actual elevation of the process, you can use Process Explorer to check the security of the process.

As you can see, the security group DEMO\Cheese has been added to the cmd.exe process.
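The same check can be scripted instead of read off Process Explorer. The PowerShell below is an added example, not part of the original post or of ScriptLogic's product: it diffs `whoami /groups /fo csv` output from a normal and an elevated Command Prompt and reports which groups the rule added. It assumes English column headers; the function names, the sample output and the DEMO\Cheese SID are constructed for illustration.

```powershell
# Added example, not ScriptLogic code. Requires PowerShell 3.0 or later.
# Both samples are constructed; the DEMO\Cheese SID is a placeholder. For live
# data, capture `whoami /groups /fo csv` in a normal and in the elevated prompt.
$baselineCsv = @'
"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"
'@
$elevatedCsv = @'
"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Administrators","Alias","S-1-5-32-544","Mandatory group, Enabled by default, Enabled group"
"DEMO\Cheese","Group","S-1-5-21-0-0-0-1111","Mandatory group, Enabled by default, Enabled group"
'@

function Get-EffectiveGroup {
    param([Parameter(Mandatory)][string[]]$Csv)
    # Skip integrity labels (not groups) and deny-only entries, which sit in
    # the token but can never grant access.
    $Csv | ConvertFrom-Csv |
        Where-Object { $_.Type -ne 'Label' -and $_.Attributes -notmatch 'deny only' } |
        ForEach-Object { [pscustomobject]@{ Name = $_.'Group Name'; Sid = $_.SID } }
}

function Compare-TokenGroup {
    param([string[]]$Baseline, [string[]]$Elevated, [string[]]$Expected)
    $before = @(Get-EffectiveGroup $Baseline | ForEach-Object { $_.Sid })
    $added  = @(Get-EffectiveGroup $Elevated |
        Where-Object { $_.Sid -notin $before } | ForEach-Object { $_.Name })
    [pscustomobject]@{
        Added      = $added                                            # groups the rule put in the token
        Missing    = @($Expected | Where-Object { $_ -notin $added })  # expected by the rule but absent
        Unexpected = @($added | Where-Object { $_ -notin $Expected })  # added but not part of the rule
    }
}

Compare-TokenGroup -Baseline $baselineCsv -Elevated $elevatedCsv `
    -Expected 'BUILTIN\Administrators', 'DEMO\Cheese'
```

With the constructed samples, `Added` lists both groups from the rule and `Missing` and `Unexpected` are empty; a non-empty `Unexpected` means the rule grants more than was intended.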
Conclusion
ScriptLogic Privilege Authority is a nice point solution for process elevation. If you want to design your environment with the principle of least privilege in mind, process elevation is essential. But process elevation is just a little piece of the puzzle.
Besides providing the appropriate privileges for those processes that do not run without them, you also need to take care of providing the appropriate applications, data and personalization to your end users. Taking control over these pieces of the puzzle as well will really support the principle of least privilege.

