One of the first challenges an organization faces when deciding to remove end-user administrator rights is determining what applications require such rights. Many times the approach is to remove administrator rights, see who complains and add those users back to the administrators group. Over time, large chunks of an organization still have administrator rights due to applications that are not compatible when run as a standard user. Let’s look at how this can be addressed.
There are four application types that typically require administrator rights:
Having this information is helpful, but identifying applications, particularly self-updating or legacy applications can require time consuming testing.
Arellia Application Control Solution identifies applications that require administrator rights enabling an organization to create policies granting rights to the application (not user) in preparation for removing administrator rights. With those policies in place, applications will work normally to a user and eliminate a nasty call to the helpdesk and\or adding that user back to the local Administrators group.
About Arellia: Arellia provides solutions for privilege management, application whitelisting, securing local administrator accounts, and compliance remediation. Arellia products are integrated with the Symantec Management Platform and sold through Symantec.