Viewfinity 3.5 flexible but firm control of Windows environments

Gil Rapaport, Viewfinity's President and co-founder, Mary Rose, the company's VP Marketing, and Alex Shoykhet the company's VP Product Management, did a tag-team presentation of Viewfinity 3.5. I was impressed with both the ease IT administration staff can control the environnent and how flexible the tool is.

What Viewfinity has to say about what its product does

Managing and Elevating Privileges for Otherwise Locked Down PCs

For organizations who lock down its desktops, or who are planning to move to a locked down desktop environment, Viewfinity offers IT administrators the ability to manage administrative rights by desktop function and application. Our Privilege Management features are integrated with Active Directory and allow IT administrators to establish flexible privilege elevation policies for applications and desktop functions requiring administrator rights. Desktops continue to operate within the least privileges mode except for those functions flagged for elevated privileges, such as:

  • Applications: Elevate privileges to administrative rights per application, not per user or desktop
  • Child Processes: Choose to elevate additional executables or components required by an application to run properly
  • ActiveX: Manage permissions for non-administrative users to install ActiveX applications
  • Scripts: Elevate privileges to administrative rights per script
  • Printers: Manage permissions for non-administrative users to install printers or perform application installations (optional)
  • Windows Services: Raise privileges to perform specific administrative functions (Device Management, Disk Defragmenter, Manage Services and User Accounts & Shares)
  • GPO/Active Directory: Option to implement as an extension to Group Policy and manage through standard Group Policy Management tools
What's new in 3.5

This new version adds several features and upgrades including:

  • Zero Touch - Auto detection of need for elevate permissions, and the ability to create the appropriate policy and authorize the privilege elevation on the fly
  • Administrator Rights Discovery Reporting - Gather statistics to determine which PCs are not locked down and still have administrator rights
  • Screen recording per Application/Policy - Automatically create and store a screen recorded video of user activity based upon a particular application or policy
  • Administrator's actions log and reporting - When an admin creates a policy, there is a corresponding audit log that tracks the administrator’s actions and activity
  • Integration of policy reports with SCCM
  • Private cloud offering for enterprises that prefer on-premise installations

Snapshot analysis

One of the biggest challenges facing organizations when they want to lock down their Windows-based PCs (desktop or laptops) is sociological not technological. Individuals are used to being able to control their own environments and locking them down means wresting control from them and giving it to the IT administrative staff. While technically astute, they're not always understanding that they need to be extremely responsive and make allowances for staff wanting to change the desktop background or personalize their computing environment.

So, end users find that their environments do not allow them to put a photo of a loved one on the desktop. Or they're not allowed to re-arrange the icons on the desktop to improve their own personal productivity. Rather than being productive, staff spend a great deal of time figuring out how to go around IT's dictates.

Viewfinity is one of a number of suppliers who have developed tools making it possible to both tightly control the environment and give staff members control of specific features without also unlocking the barn so that all of the horses get out.

In the end, I was impressed.

Kusnetzky Group LLC © 2006-2014