I use a “least privilege” user management tool (i.e.: PowerBroker Windows, Avecto Privilege Guard, Viewfinity Privilege Management or Quest Privilege Authority).

A “least privilege” tool and PolicyPak don’t try to accomplish the same goal. Let’s understand the two goals:

  • “Least Privilege” tools (like PowerBroker Windows, Avecto Privilege Guard, etc) give you the ability to remove admin rights for users (thus running them as ‘standard users’). Then when applications prompt for credentials (UAC prompts) these applications dynamically inject credentials such that the UAC prompt is not shown and the application runs successfully.
  • PolicyPak delivers settings to applications that are launched, and consistently reinforces and remediates those application settings. This guarantees that your important IT and security settings hit the application and users must adhere to them.

Just because your users are running with standard user rights now, doesn’t mean they cannot manipulate application settings and it doesn’t mean you’re magically more secure. In this way, PolicyPak with “least privilege” utilities have an awesome better together story.

To see your “least privilege” user management tool working alongside PolicyPak, see these videos: