PowerBroker Desktops 5.3 will be released this month, and as a follow up to our previous article, this article describes additional enhancments to end user message boxes that provide users with more flexibility and functionality.
The first thing we did was give you additional control over the content that can be put into message boxes and also have added some elements to allow you to better control the aesthetics of the message boxes.
The message box user interface now allows you to control the background color and background images, and you can also customize the text color. Additionally, we provided the ability to add a custom URL to the message boxes so that an end user can open a helpdesk ticket or be redirected to a website for more informtion.
Another unique new feature that we have added to the message box capabilities is what we call Challenge/Response Policy Override. This allows you to solicit a passcode from the end user and allow them to run an application that is either blocked from running by PowerBroker or run an application that is prompting with User Account Control (UAC). Here’s what the workflow looks like:
When an application prompts with UAC, the user is presented with a customizable message box like this:
If the user presses the OK button, the message box closes and the application does not start. If the user presses the Cancel button, PowerBroker Desktops returns the user to the standard UAC prompt. If the user presses the Passcode button, they are taken to a message box that looks like this:
You have full control over the text in the message boxes, but by default, it will ask to user to contact the helpdesk to provide the Authorization Code. The helpdesk then would enter the Authorization code into a code generator in PowerBroker Desktops and provide that code to the end user. Once the code is entered by the end user, the application would then run properly. This feature is great for users who might be offline and without an internet connection, or even for simple, ad hoc privilege elevations that a limited number of users require for specific tasks. These privilege elevations that are done with a passcode are logged to the system so that you can report on them later to verify that they were used appropriately.
The Challenge/Response Policy Override feature also works great if you are using PowerBroker Desktops for application whitelisting. When an application is blocked, you can put the users through the above process in order to allow the user to run or install an application.
Check out this blog tomorrow for some additional exciting new features that we are about to release.