It has been more than a year since our last look at DesktopStandard Corporation. DesktopStandard offers Group Policy-based desktop management, allowing companies to leverage their investment in Microsoft's Active Directory. When I wrote about this company a year ago, they had recently released their PolicyMaker Application Security solution. In a year and a half's time, PMAS has become a critical tool for the enterprise wanting to enforce security policies on enterprise application usage.

PMAS, along with the other management products from DesktopStandard, extends the native security policies that are part of Windows Group Policy. The built-in Windows security management features do not provide for varying access based on the context of a given operation. So, in mid June of this year, DesktopStandard released PMAS Version 3.0, which brings the principle of "least privilege" to the Windows desktop environment.

Security experts agree that it's a good policy to give people the ability to do only what they need to with their computers, and no more. That is, each user is granted the least amount of privileges necessary to use authorized applications and perform authorized tasks. If possible, you want to lock users out of general administrative privileges over their own PCs in order to prevent accidental or intentional occurrences such as undesirable changes to hardware or software settings, installation of unapproved applications, or breach of compliance with regulatory mandates.

PMAS 3.0 gives you that granular level of control. You can assign minimal privileges to everyone, and then elevate the permission level for specific users who are performing an authorized activity that requires slightly higher access privileges without having to give full administrative rights. And for those users who need to have regular administrative rights to perform some of their tasks, you can lower their privileges in areas that don't require such access.

In addition, this new version of PMAS introduces support for Windows Vista and all 64 bit Windows operating systems, including Windows Server x64, XP x64, XP Professional x64 and Vista x64. If your company is planning to be among the first to bring Vista into the enterprise, you can use PMAS from the get-go to set your security policies.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.