Control and Audit Privileged Access to Windows Infrastructure
Windows admin accounts are highly targeted due to their broad access and privileges, giving rise to insider threats and advanced persistent threats (APTs) on Window Servers. Additionally, regulatory frameworks require audits of users who have access to sensitive information and how their account privileges are used.
Centrify Server Suite for Windows extends Windows Server administration with granular user privilege and auditing. Now admins have the right amount of privilege to access just the apps and services that they need, and end users can self-administer their systems without being granted broader access or privileges than their job requires.
Centrify Server Suite for Windows provides solutions for critical use cases that require privileged identity management beyond the capability of Windows native tools:
1. Protect regulated data on Windows Server from highly-privileged users and accounts
You're handed a mandate from management — restrict access to the PCI and SOX servers in order pass the upcoming audit. On Windows Servers, there's a problem. Every member of the Domain Admin group has access to the PCI and SOX servers — access they shouldn't have. How do you solve the problem and restrict access by your domain administrators to those servers?
Domain Admin group has access to the PCI and SOX servers — access they shouldn't have. How do you solve the problem and restrict access by your domain administrators to those servers?
2. Make shared accounts in Active Directory usable, safe, and accountable
IT organizations are required to create user accounts in Active Directory and share both the account name and its password with multiple users. Shared accounts are commonly used as administrative login credentials for major enterprise applications. But sharing accounts leads to problems with ease of use, security, and accountability. How do you make shared accounts in Active Directory usable, safe, and accountable?
3. Reduce or eliminate use of highly-privileged users like local and domain admin
User accounts with too much privilege can create conflicts between operational and regulatory compliance goals. For example, a user whose only business need is to restart a service on Server X should not have the privileges to browse a sensitive database on that server. How do you enable administration of Windows Servers without broad grants of highly-privileged accounts?