Privileged Access Management
How Recast Helps Enable Zero Trust Adherence
Kody WollaTopics: Privileged Access Management
We work with many organizations on a zero trust journey to strengthen their environments. Some are just beginning, while others have spent years already implementing policies, procedures, and software to architect their infrastructure securely. Core principles of zero trust often resonate with IT teams, but the implementation can feel daunting and the cost to execute substantial. Thankfully, Right Click Tools Enterprise contains the infrastructure to work within your current ConfigMgr / SCCM environment with zero trust principles intact. When customers then pair Right Click Tools Enterprise with Privilege Manager, our privilege access management (PAM) solution, organizations find themselves much further into their zero trust journey with less friction than they anticipated.
Recast Management Server and Zero Trust
Powerful Endpoint Management without Admin Rights
Right Click Tools Enterprise was built with security in mind, and much of that security focus really shines in Recast Management Server (RMS). When running a RMS in your environment, you can take better control over access to your ConfigMgr environment. We are often asked, “Don’t my admins need local admin access to run Right Click Tools actions?” With Right Click Tools Enterprise and RMS, you don’t need local admin if you set up a Recast Proxy. This will allow you to run the actions as a service account, enabling you to remove your admins from the local admin group. In short, you can remove individual privileged access from support staff without limiting their ability to support end users.
If you have already begun your zero-trust journey and have some permissions set up in your ConfigMgr environment, Right Click Tools will abide by the rules you already have in place. No need to worry about admins being able to get around access controls that are already in place. However, you can take your controls even further using RMS. In RMS you can set up roles to control which actions can be taken. Setting up scopes in RMS allows you to limit who can act on which machines. RMS also logs all Right Click Tools actions so you can audit and then make any permissions changes that you see fit.
Removing local admin privileges from your end users is a major step in the process to a more secure environment. Giving local admin rights to end users has been a cardinal sin in IT for a while now, but we know that it still happens regularly. Right Click Tools can also help in this regard. Utilizing the System Information tool, you can view the local groups on a machine. From there you can drill down into the group to view its members. Use this tool to look at the local admin group on your machines and easily remove any user accounts from the group that should not have access.
Privilege Manager Enables Zero Trust
We recently announced the release of Privilege Manager, a powerful privileged access management solution. Privilege Manager enables you to take big steps toward creating a zero-trust environment in an easy to set up manner. Utilizing Privilege Manager, you can reel back in admin access without having to sacrifice the productivity of your end users. Self-service elevation and activation codes allow your end users to continue to work undisrupted.
Privilege Manager also allows you to provide just-in-time access. Having elevated privileges for longer than needed is a major security risk if an account becomes compromised. With Privilege Manager, you can relieve some of that worry with scheduled group access. You can set a user to be a member of a group for the time window that is needed and then be removed from that group when access is no longer necessary. This eliminates worries about giving someone privileged access and then forgetting to remove it later.
Auditing is an often-overlooked step in the journey to zero trust. IT managers should be constantly checking reports to both ensure that systems are set up correctly and monitor for any concerning activity. Privilege Manager can help make that process much less painful with its built-in reporting. These reports range from computer reports to password reports and much more. Quickly see who is requesting access at what times and how often to help identify any unusual access requests. Combined, these data points allow you to stay informed on trends in your environment.
Zero Trust Adherence with Recast Software
We encounter many organizations beginning their zero trust conversations. Too often the breadth of the task debilitates teams from acting. Additionally, with dozens of software companies offering PAM solutions, this too adds a layer of complexity. Recast Software takes pride in creating solutions that work natively within the systems organizations already use. Within the endpoint and systems management space, this is most often ConfigMgr / SCCM. Right Click Tools Enterprise paired with Privilege Manager allows organizations to take a significant and impactful leap forward in hardening their environments without the significant onboarding and rearchitecting required by some other solutions.
Learn more about PAM and how Recast can speed up your zero trust process without excessive friction.
Additional Resources
Privileged Access Management (PAM)
- Privileged Access Management (PAM) Overview
- Open-Source Privileged Access Management Software: A Solution for You?
Admin Rights
- Removing Admin Rights Hardens your Environment
- 2 Core Rules of Zero Trust with Sami Laiho
- The Principle of Least Privilege
- Principle of Least Privilege: #1 Solution for Security
