BeyondTrust has announced version 4.0 of its flagship Privilege Manager product. The new version is designed to make managing security in Windows Vista easier.

Privilege Manager 4.0 lets enterprises eliminate local administrator rights while allowing users to run all authorized applications by transparently granting administrative privileges to only the specified applications that need them.

It also lets IT set the integrity level of an application process to create an enhanced Least Privilege security environment, and has on-demand capabilities that let authorized users elevate the privileges of applications not previously specified.

It does this by leveraging Active Directory's Group Policy, and BeyondTrust says this is the first product to have this capability.

Privilege Manager 4.0 also gets rid of what can be annoying dialog boxes that crop up when Vista's User Account Control (UAC) security is implemented.

Another new feature lets IT define rules to provide elevated privileges to applications with digital certificates signed by specified software publishers. The idea here is to make it faster and easier for administrators to create rules for software from trustworthy sources.

Further, Privilege Manager 4.0 includes a new rule to elevate software installation privileges from specified or authorized CDs or DVDs.

What It All Means

Integrity levels are assigned to every process, user and object in Vista, and an object can only interact with another of the same or a lower integrity level.

By default, Vista runs applications at a medium integrity level, and Privilege Manager lets users set the integrity level of processes.

"You could, for example, tell Vista to run Firefox at a low integrity level so any piece of malware or anything that can leverage that process won't be able to run," Scott McCarley, director of marketing at BeyondTrust, told InternetNews.com.