An intranet based website that allows access to all system management functions based on authority granted to administration users. This includes system configuration and setup, usage and audit reporting and allowable application definitions.
Central Helpdesk System
An intranet based website that helpdesk staff use to generate authorisation licenses for end users and generate local administrator passwords.
End User Client Application
Installed on each client machine, this program controls the launching of the applications when authorised by the central helpdesk system. Also this program audits and logs all usage of the system for communication to the Central Administration System.
EMS provides an enterprise level, client server system that allows
authorised users to run specific applications with elevated privileges in a "Least Privileges" locked down system under Windows UAC. Click here to download an overview of the system or click here to download a white paper on Supporting Windows UAC in the Enterprise
The EMS allows system administrators to define which applications can be run by which users with an elevated authority. The end users do not need to be given elevated rights themselves, nor do they need to be given access to another account with higher authority.
The entire system is designed to work in a sometimes connected fashion that allows support for travelling notebook users. It establishes communications as and when the user connects to the central network.
Flexible usage
Licenses are generated by a helpdesk operator or a self service system from a central intranet system depending on client requirements. Access to elevated processes on a client can be started by entering the license key into a small application or clicking on a special shortcut.
Client organisations have the ability to manage the applications elevated by the system. In addition to standard Windows processes they can add their own line of business applications.
Security
All functions within the entire system have been designed with full security as a requirement. All data communicated through the system is fully encrypted and all processes are tightly controlled by Windows security.
Auditing
Every action performed by the system is audited and communicated back to a central server for checking. This data is then made available through the central administration system for reporting purposes.
Sometimes Connected
The entire system has been designed to work in a sometimes connected environment where travelling laptop users are fully supported when working in the field. The users are still able to use the elevation processes they are authorised to perform.
New access can still be granted when disconnected and all usage data is stored in a local, fully encrypted, cache. The cached data is automatically uploaded once the computer is reconnected to the organisation’s network.
home ems aboutus contact overview paper windows security white paper