BeyondTrust tames Vista's UAC pop-ups, leaves security intact

Management vendor BeyondTrust Tuesday unveiled software that lets companies nearly eradicate the pop-ups that plague Windows Vista’s user account control feature.

BeyondTrust released Privilege Manager 3.5 with a feature that plugs into Microsoft’s Group Policy infrastructure and lets IT control administrative rights needed to access some applications.

Vista’s UAC feature was touted as a way to avoid giving users administrative rights to their desktops. With those rights, users can install software and control the entire machine -- and so can malicious programs that secure administrative rights. UAC was designed to curb that problem, but users quickly found that the number of pop-up windows UAC generated was confusing at best.

“The things that were scaring us away from Vista were the hardware requirements and UAC,” says Omar Ghneim, network administrator for EXCO Resources, an energy company based in Dallas. “We tried Vista on a few administrators’ machines, but they couldn’t handle the pop-ups and we went back to XP the next day.”

Ghneim says he could not even run a command line without a pop-up. But after evaluating the UAC add-on to his 3-year-old Privilege Manager deployment, the company decided to go ahead with a Vista rollout.

“We were looking at late 2008 for any Vista rollout, but now we are looking at Q1 or Q2," he says. “We are SOX compliant and a public company and this passed all the auditing. The auditors were fine with this.”

With Privilege Manager 3.5, companies can run with UAC on or off and still eliminate the UAC prompts via security settings in Microsoft’s Group Policy feature of Active Directory.

When UAC is enabled, Privilege Manager policies set by a network administrator apply before a UAC dialogue box appears. If UAC is off, Privilege Manager policies will automatically elevate privileges for any activity authorized by the network administrator.

The operations are all hidden from the user, who continues to get access to all applications that require administrative privileges or that require an administrative password. The software also supports Windows 2000, XP and Windows Server 2003.

Privilege Manager 3.5 is priced starting at $30 per seat.