Software update viewer is running as a privileged user

For this category, you should set up Privilege Management for Windows Workstyles that give the user an on-demand elevation facility, which allows the user to elevate any applications from a standard user account. All elevated applications can be audited, to discourage users from making inappropriate use of this facility. For more information, please see On-Demand Application Rules.

BeyondTrust is the worldwide leader in Privileged Access Management PAM , empowering companies to secure and manage their entire universe of privileges. The BeyondTrust Universal Privilege Management approach secures and protects privileges across passwords, endpoints, and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational performance.

All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Privilege Management for Windows Administration Privilege Management for Windows combines privilege management and application control technology in a single lightweight agent. Laptop User Flexibility to perform ad hoc admin tasks and install software when away from the corporate network. Technical User Complex applications and diagnostic tools, advanced admin tasks, and software installations.

These can fall into one of three categories: Known Admin Applications: You already have a definitive list of applications that require admin rights to run. Access the application user interface as a regular user, navigate to the application screen that provides the software installation function and attempt to install software components, modules, extensions, or plugins.

If the application utilizes an approved repository of approved software that has been tested and approved for all application users to install, this is not a finding.

If the application allows regular users to install untested or unapproved software components, extensions, modules, or plugins without explicit authorization, this is a finding. Allowing regular users to install software, without explicit privileges, creates the risk that untested or potentially malicious software will be installed on the system.

The organization: CMa. Establishes Assignment: organization-defined policies governing the installation of software by users; CMb. Enforces software installation policies through Assignment: organization-defined methods ; and CMc. If provided the necessary privileges, users have the ability to install software in organizational information systems.

To maintain control over the types of software installed, organizations identify permitted and prohibited actions regarding software installation.