ScriptLogic Privilege Authority is a (free) tool that helps you give a user certain admin privileges without making them a member of an administrative group. This is important in VDI, where it allows you to use pooled desktops more widely, and maybe even RDSH instead of VDI. This article provides a short review.
The idea is that administrators can manage processes to launch with elevated privileges, without elevating the user account.
The installation of Privilege Authority is pretty easy. A simple server setup on the server side installs the management console.
Once the console is installed, you can install a client on the console machine from the menu. Remote clients can be installed with a Windows Installer package that can be found under ‘Client\Open file location’.
I have installed the server component on Windows Server 2003 R2 and the client component on Windows 7. Neither installation required a reboot.
Once the clients are installed, configuration is done through Group Policy Objects (GPO). The Community section provides many pre-defined rules created by the community.
Let’s create a rule on a newly created GPO to elevate the Command Prompt process with the BUILTIN\Administrators group and an additional DEMO\Cheese group. The DEMO\Cheese group has no members.
Additionally you can add other groups to the security token of the process. Advanced options allow you to manage the actual privileges.
A test button allows you to test the rule from within the console.
Now, simply link the newly created GPO to the appropriate Organizational Units (OU) where the endpoints reside and off you go.
To validate the actual elevation of the process, you can use Process Explorer to check the security of the process.
As you can see, the security group DEMO\Cheese has been added to the cmd.exe process.
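The same check can be scripted instead of read from Process Explorer. The following is an added example, not part of the original article or of Privilege Authority: save it under any name and start it with powershell.exe from inside the elevated Command Prompt, so that it inherits the cmd.exe token (the Windows default for child processes). The group names are the ones used in the rule above.

```powershell
# Added example: verify that the token inherited from the elevated cmd.exe
# carries the groups the rule was supposed to add, while the user stays the same.
param(
    # Groups the rule in this article adds to the process token.
    [string[]]$ExpectedGroups = @('BUILTIN\Administrators', 'DEMO\Cheese')
)

$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# Translate every group SID in the token to DOMAIN\Name.
# Keep the raw SID string when a name cannot be resolved.
$tokenGroups = foreach ($sid in $identity.Groups) {
    try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $sid.Value }
}

# The account should still be the ordinary user: only the process token changed.
"Token user: $($identity.Name)"

# -contains compares case-insensitively, which matches how Windows treats account names.
$results = foreach ($group in $ExpectedGroups) {
    New-Object PSObject -Property @{
        Group   = $group
        InToken = ($tokenGroups -contains $group)
    }
}
$results | Format-Table Group, InToken -AutoSize

# A non-zero exit code lets a test or logon script detect a rule that did not apply.
if ($results | Where-Object { -not $_.InToken }) { exit 1 }
```

Running the same script from a Command Prompt on a machine outside the linked OU should report `False` for both groups, which confirms the elevation comes from the rule and not from the user's own group membership.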