Discover local administrator rights with the Least Privilege Discovery Tool

Frequently asked questions

Get answers to the most commonly asked questions about this product.


Getting started with this product

What is a least privilege policy?

Users or apps with admin or root privileges have access to sensitive data/operating systems. Under a least privilege model, admin accounts with elevated privileges are given only to people who really need them. All others operate as standard users with an appropriate set of privileges.

How do you successfully comply with a least privilege policy?

You must know which privileges you need to manage. Find out which endpoints and local users have admin or root credentials, identify which apps are in use and if they require admin rights to run and understand your risk level for service accounts and apps with an elevated set of privileges.

Should least privilege policy include approved business apps and a process to keep users productive?

Yes! To comply with least privilege policies, user rights should never be elevated to execute applications because this opens a window for hackers to exploit. Instead, the necessary applications should be elevated directly.

What is a whitelisted application?

Application whitelisting is the practice of specifying an index of approved software applications that are permitted to be present and active on a computer system. The goal of whitelisting is to protect computers and networks from potentially harmful applications.

What is policy-based application control?

Proactively manage and monitor all the applications running on your endpoints with policy-driven controls such as dynamic white/grey/blacklist and elevation policies, real-time application analysis and admin approval workflows.

What is endpoint security?

Endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats.

What are local administrative rights?

On a computer, an administrator is a local account or a local security group that has complete access to create, delete, and modify files, folders, and settings on that computer. This is in contrast to other user accounts that have only been granted specific permissions and levels of access.

What is the technical process of elevating an application?

The Privilege Manager agent elevates processes with a new SID (security identifier) from the Windows Local Security Authority. By replacing the SID and not the LUID (log in identifier), the process runs as the user who initially launched it but with higher access rights requested by the agent.

What is the difference between administrative versus root credentials?

Administrative credentials are privileged accounts typically in a Windows environment. Root credentials are privileged accounts in Unix/Linux.