Discover local administrator rights with the Least Privilege Discovery Tool

Features Explained


Identifies which endpoints have local admin rights, including hidden or hardcoded admin privileges, and which applications can run processes that require admin rights.

Local Admin Rights Removal

Easily resets all endpoints to a “clean-slate,” removing all local admin privileges at once.

Policy-based application control

Elevates applications, never individual users. Reduces one-off application management by IT.


Allows users to run known and trusted applications so they can do their jobs without IT.


Uses the latest information from threat intelligence databases (VirusTotal) to block applications from running.


Allows apps that don’t fit into either category to be isolated for further testing and run in restricted mode with no admin rights.


Quarantine applications so they are not allowed to execute, or only execute in a limited way so they don’t touch any system folders or underlying OS configurations.

Contextual control

Controls who can run certain processes, whether processes can run on certain endpoints, and whether processes are allowed in certain regions or during certain times.

Limit child processes

Limit child processes, such as executing processes from within a PDF, which may allow malware to execute.

Inventory all local groups and users

Allows you to discover all local accounts that exist on endpoints and gives you the ability to control the exact membership of every local group. This helps mitigate the risk of backdoor accounts in the environment.

Coverage of non-domain endpoints

Not bound by users in GPO or Active Directory, so it can include third parties.

Auditing and reporting

Out-of-the-box and custom reports can be configured and shared with management and auditors.

How customers use it

  • To remove users from local admin groups on endpoints


    Most breaches involve compromised endpoints. Endpoints are targeted because they are run by users who click malicious links or download malware. All it takes to cause severe damage is a hacker gaining local admin privileges through a single endpoint.


    With IBM Security Privilege Manager, you can discover which users on which endpoints have local administrative rights, and which applications require the administrator access token to execute.

  • To implement a Least Privilege model


    Least privilege means users should only have sufficient access and rights to do the things they need. Enforcing this on endpoints has always been a challenge. IT administrators are often left with more privileges than they need.


    With IBM Security Privilege Manager, least privilege via application control reduces the attack surface by restricting the applications allowed to run, the devices allowed to connect, and the actions a system can perform.

  • To meet and adhere to audit/compliance requirements


    Many compliance regulations (including HIPAA, PCI DSS, FDDC, Government Connect, FISMA, and SOX) recommend or require that organizations apply least privilege to demonstrate proper data protection and security.


    With IBM Security Privilege Manager, you can create reports that demonstrate how you are protecting endpoints by following security best practices for least privilege. Track and compare these reports over time to show trends and continued progress.

  • To enforce least privilege for remote users


    With remote users and contractors accessing your internal network, it’s difficult to mitigate the risk of rogue behavior. If one of these users downloads malware while connected, it could cause severe damage by moving horizontally or vertically.


    IBM Security Privilege Manager can automatically deploy policies on these types of endpoints to ensure the safety of your organization. It provides a central dashboard to control, modify and access remote or non-domain joined machines.

  • To leverage reputation engines to get real-time protection


    With evolving attack vectors, the chance of being compromised is at an all-time high. The ability to generate an accurate assessment of known-good apps based on various factors becomes increasingly unpredictable, leaving your company vulnerable 24x7.


    IBM Security Privilege Manager performs real-time reputation checks for any unknown apps by integrating with analysis tools like VirusTotal or Symantec’s FireEye, making it possible to prevent apps that have been flagged as malicious from running.
