Application Rights Management

Application Rights

A Standard Feature in ProfileUnity

Application Rights Management enables Administrators to securely modify and/or elevate "standard user" rights in Windows to allow or deny applications from being executed, delivered, or installed on select users’ desktops. For example, higher risk applications may only be installed and accessed from specific workstations such as PAWS (Privileged Access Work Stations). Application Rights Management is included within the ProfileUnity User Environment Management feature set for no extra cost, adding great value for organizations.

Two feature modules within ProfileUnity enable organizations to accomplish Application Rights Management: (1) Privilege Elevation; and (2) Application Restrictions. These two modules empower Administrators to limit or enable user rights to execute, receive, or install any type of application, including virtualized and layered applications.

ProfileUnity Application Rights Management processes user rights from an Administrator level, securely preventing Standard Users from executing or launching applications where permissions do not exist.

ProfileUnity Application Rights Management solves the following use cases:

  1. Deliver specific applications to only select users – Administrators can minimize base image builds or deliver an application that can’t be virtualized with VMware ThinApp, Microsoft App-V, or layered with ProfileUnity FlexApp.  Simply add challenging applications to a base image and then restrict unauthorized users from launching the application with ProfileUnity’s Application Restrictions feature.
     
  2. Elevate privileges for Standard Users to run an application – Elevate a Standard User to be an Administrator to run and/or install select applications.  Simply elevate privileges for a specific user or user group to run the select application by using context-aware filters in ProfileUnity.
     
  3. Make administrator required applications compatible with Microsoft RDSH or Citrix XenApp -- Certain applications require Administrative privileges, making them a non-starter for server-based computing. ProfileUnity enables desktop administrators to easily elevate users or groups to Administrative privileges for select applications.
     
  4. Lockdown applications on a select desktop for kiosk or call center mode – ProfileUnity’s Application Restrictions feature can be set to only “allow” certain select applications; the user will then be denied access to all other applications.
     
  5. Elevate privileges for a user to install applications in virtual or physical desktops/laptops – ProfileUnity can be set to automatically raise the credentials of a user to an Administrator for select application installers by using Privilege Elevation.
     
  6. Location-Aware Application Restrictions --  ProfileUnity’s Application Restriction feature can be utilized with context-aware filter to make application(s) available to only certain users who meet select criteria.

Focus on Security
ProfileUnity enables Application Rights Management while keeping the environment secure. Variables such as a SHA-1 Hash specific to the application can be added to ensure the exact application is being enabled and nothing more. ProfileUnity also enables or restricts a user’s rights and profile settings with Administrator rights at a system level that Standard Users cannot modify.