BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Sneak Peek at PowerBroker Desktops 5.3 — Message Box Enhancements

Posted August 9, 2012    Peter McCalister

PowerBroker Desktops 5.3 will be released this month, and as a follow up to our previous article, this article describes additional enhancments to end user message boxes that provide users with more flexibility and functionality.

The first thing we did was give you additional control over the content that can be put into message boxes and also have added some elements to allow you to better control the aesthetics of the message boxes.

The message box user interface now allows you to control the background color and background images, and you can also customize the text color. Additionally, we provided the ability to add a custom URL to the message boxes so that an end user can open a helpdesk ticket or be redirected to a website for more informtion.

Another unique new feature that we have added to the message box capabilities is what we call Challenge/Response Policy Override. This allows you to solicit a passcode from the end user and allow them to run an application that is either blocked from running by PowerBroker or run an application that is prompting with User Account Control (UAC). Here’s what the workflow looks like:

When an application prompts with UAC, the user is presented with a customizable message box like this:

If the user presses the OK button, the message box closes and the application does not start. If the user presses the Cancel button, PowerBroker Desktops returns the user to the standard UAC prompt. If the user presses the Passcode button, they are taken to a message box that looks like this:

You have full control over the text in the message boxes, but by default, it will ask to user to contact the helpdesk to provide the Authorization Code. The helpdesk then would enter the Authorization code into a code generator in PowerBroker Desktops and provide that code to the end user. Once the code is entered by the end user, the application would then run properly. This feature is great for users who might be offline and without an internet connection, or even for simple, ad hoc privilege elevations that a limited number of users require for specific tasks. These privilege elevations that are done with a passcode are logged to the system so that you can report on them later to verify that they were used appropriately.

The Challenge/Response Policy Override feature also works great if you are using PowerBroker Desktops for application whitelisting. When an application is blocked, you can put the users through the above process in order to allow the user to run or install an application.

Check out this blog tomorrow for some additional exciting new features that we are about to release.

Leave a Reply

Additional articles

PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,
PowerBroker for Windows tamper protection

PowerBroker for Windows 6.6 Tamper Protection

Posted July 18, 2014    Morey Haber

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy…

Tags:
, ,
PowerBroker for Windows can be configured to automatically identify the end user’s language preference

Implementing Least Privilege Around the World with PowerBroker for Windows

Posted July 17, 2014    Morey Haber

BeyondTrust recognizes that international, multilingual businesses have unique operating challenges, especially when it comes to implementing enterprise software. PowerBroker for Windows is a least-privilege solution often deployed across thousands of systems spanning multiple geographies and protecting users of diverse backgrounds. Earlier this year, PowerBroker for Windows introduces new data privacy features for EMEA and APAC,…

Tags:
, ,