Windows Least Privilege Management and Beyond
Devising an enterprise-wide privilege access scheme for Windows systems is complex (for example, each Windows system object has its own access control list, and the myriad OS-level rights and integrity levels vary by Windows version). For Windows environments, it is critical that organizations can delegate administration and establish granular privileges quickly and efficiently, restricting administrators so that they access only the servers and resources required to perform their job, and only during the approved times to perform specific tasks.
Given the limitations of native tools, it has been common practice in Windows environments to assign privileged users high levels of administrative privilege so that IT staff can fix any problem that might occur at any time, even if that grants access to resources in the environment that administrators should not have privileged access to. At the same time, the need to meet compliance demands, mitigate insider risk, and manage the access and privileges of temporary workers, contractors and third parties is driving the requirement for least-privilege security across the Windows environment and beyond to UNIX and Linux systems, regardless of where these systems run: on-premises or in the cloud.
Centrify DirectAuthorize for Windows eliminates the problem of too many users having broad and unmanaged administrative powers by delivering secure delegation of privileged access and granularly enforcing who can perform what administrative functions. DirectAuthorize is an integrated component of the Centrify Suite, so organizations can easily extend it to UNIX and Linux systems and enable user-level auditing across Windows and non-Windows systems. The result is that organizations can more easily meet compliance requirements and improve security.