As Microsoft’s User Account Control begins to trickle onto corporate desktops, management vendor BeyondTrust is offering an alternative designed to ensure that users get privileges only when they need them in order to execute applications and other tasks.

Privilege Manager 3.0 lets companies centrally control what users can run on their desktops without using pop-up warnings like those that have been panned in Microsoft’s Vista.

Those pop-ups are part of Microsoft’s User Account Control (UAC) feature, which blocks users from having local administrative rights that enable users, or malicious programs, to install software or perform other tasks such as edit the registry.

With UAC, when users try to perform those tasks they are presented with a pop-up Window asking for authorization credentials. Observers have said the pop-ups -- especially the number of them -- can be confusing to users.

Privilege Manager works in the background controlling application access, software installations, ActiveX controls and system tasks that require elevated or administrative rights. The software was developed by DesktopStandard, which Microsoft acquired last year.

Company co-founder John Moyer, however, hung onto Desktop Standard’s PolicyMaker Application Security product, and used the name BeyondTrust to start a new company and rename the product. Privilege Manager 3.0 is its first release.

“A pop-up is a work stoppage,” says Keith Brown, network administrator for Gwinnett Medical Center in Atlanta. “We do not want to surrender local administrator rights into the enterprise. It is always a security issue. We had a free-for-all with people who knew they had local administrator rights and knew they could do what they wanted.”

Brown says that less than 1% of his 7,000 associates have local administrator rights and most of those users are in IT.

“First thing we noticed when we took away local administrator rights is that our incidents of malware dropped off considerably,” Brown says.

Privilege Manager is designed to let administrators manage exceptions to the rule that no one has local administrator rights. The software can increase rights when needed and reduce them went not needed, such as when an IT administrator is just answering e-mail.