Each console is designed to manage a major Windows component such as Services or Print Management, and can connect remotely to other computers on the network when necessary CENTRIFY CORPORATION. Figure 1 Match criteria in the Application Rights Builder Pre-defined rights for Windows Server management consoles The standard management consoles built in to Microsoft Windows Server get a lot of use from administrators. And, since the Application Rights Builder supports pulling match criteria via remote connections to other computers on the network, you can easily assure that you are granting rights to precisely the correct program regardless of where the program file or process may reside. You can also select from a list of running processes on the target computer instead of selecting a program file. Since match criteria values can be edited at any time, you can also use the Builder to make any application right a template for the creation of additional rights. Rights for complex application and argument list combinations such as MMC snap-in consoles are easy to create. You simply select a program file! The Builder retrieves all match criteria including file paths and command arguments, eliminating mistakes and wasted time. The new Application Rights Builder makes it easy to create application rights for your Windows admins. And, you want to make sure that the right you re creating is definitively tied to the actual application and program file you want the user to run. Creating and assigning rights to run applications with elevated privilege is critical to the success of a privilege management project. DS PAGE 1ΔΆ New application rights builder Application rights enable Windows admins to do their jobs without having to use highly-privileged accounts like local administrator or domain admins. There are over a dozen match criteria, including: Any of 11 executable file types, including EXE, COM, MSC, MSI, VBS and PS1 files Digital signature Product name and version File version and description File digest (SHA-1 hash) File path and command-line arguments 2014 CENTRIFY CORPORATION.
Or, a user can be granted the right to install any of a broad range of printer drivers through a single application right that elevates privilege on exe files whose file name contains the string pcl6 and is digitally signed by Hewlett-Packard Company. For example, a user can be provisioned with the right to run any application digitally signed by Microsoft Corporation with the string Microsoft SQL Server in the product name, enabling the user to run any of the SQL Server management tools with elevated privilege in a single application right. For example, if you have two rights to run SQL Server Management Console because your organization uses SQL Server 2008 and SQL Server 2012, which application right belongs to which version? The new match criteria feature makes it simple to define a single application right that will launch multiple versions of the same application with privilege or, multiple different applications that share common criteria. From the admin s perspective, it s hard to keep track of all the different combinations. Centrify Server Suite Standard Edition New match criteria to identify applications on Windows Many organizations run different versions of applications that need elevated privileges.
With this release Centrify enhances our powerful search capabilities and compliance reporting that combines access controls and the associated activity fully integrated across Windows, Linux, and UNIX platforms.
Centrify Server Suite 2014 also uniquely provides full privileged activity audit trails and video capture that ties all activity back to an individual. Wizards can be used in conjunction with our powerful new match criteria that improves flexibility in building a least-privilege access model by enabling privileges to be determined based on properties such as a digital signature (for example, signed by Adobe, Inc.). New wizards automate the creation of new, complex rights for administrative users and reduce the process to the simple click of a button. This release makes it easier to implement least-privilege access by delivering new pre-configured rights for Windows server management consoles that can be used out of the box. Enhancements to Centrify Server Suite include streamlined creation and management of administrative entitlements. 1 CENTRIFY SERVER SUITE 2014 WHAT S NEW What s New in Centrify Server Suite 2014 The new Centrify Server Suite 2014 introduces major new features that simplify risk management and make regulatory compliance repeatable and sustainable across heterogeneous servers and applications in the data center and the cloud.