News

AutoProf Changes Name to DesktopStandard Corp.

• By Scott Bekker
• 01/27/2005

AutoProf started in 1997 with technology to centralize Outlook mail profiles to allow users to log into any workstation in an enterprise and see their own mail. This automated profiling technology, which developed into the product ProfileMaker, was the basis for the AutoProf company name.

With the introduction of Microsoft's Group Policy technology in the Windows 2000 Active Directory, AutoProf saw a more powerful way to accomplish automated profiling and more advanced functions of enterprise desktop standardization.

In late 2003, AutoProf delivered its first product focused on extending Group Policy, called Policy Maker Professional. The product was later renamed PolicyMaker Standard Edition, which includes 22 Group Policy extensions -- double the number native to Windows 2000 and Windows XP. The company expanded the product line with PolicyMaker Software Update, which integrates a patch management framework into Group Policy, and a free tool called PolicyMaker Registry Extension.

Kevin Sullivan, product manager for PolicyMaker, says the company spent the past year proving the concept of Group Policy extensibility. "As we've grown, and as Microsoft's enterprises have grown, the idea of enterprise desktop management is absolutely critical," Sullivan says. "It's not really about automated profile management anymore. DesktopStandard sort of sums up what we do."

ProfileMaker still makes up a large percentage of DesktopStandard's sales, but less now than PolicyMaker as Active Directory deployments become more common. Still, underscoring the company's emphasis on Group Policy-based management, the company's news release makes no mention of the ProfileMaker product line.

New Product Helps Enforce Security Principle of 'Least Privilege'

This week, DesktopStandard expanded the PolicyMaker line further with a new tool designed to remove some of the hurdles that prevent organizations from adhering to the security principle of "least privilege."

In theory, "least privilege" sounds good -- a user should always run applications with the absolute minimum level of privileges necessary, thus minimizing the damage an attacker can inflict when he breaks into the user's system.

In practice, a combination of factors make it extremely difficult for administrators to enforce least privilege. The productivity gains of computing in multi-tasking Windows environments largely depend on the ability of users to easily access data in one application and transfer it into other applications and on the ability to switch seamlessly among unrelated applications to follow natural thought patterns. Many of the most productive applications have a poor design that requires a user to have administrative privileges to get the application's full benefit. Meanwhile, powerful utilities and tools needed by administrators and developers properly require administrative privileges.

None of the workarounds is optimal. Logging in and out of administrative accounts disrupts productivity. The existence of multiple accounts for a single user presents its own security risks. Meanwhile, efficiency and laziness often causes users with access to an administrative account to make that account the default anyway. Using the RunAs utility introduced by Microsoft in Windows 2000 is impractical in many cases because running an application that way does not grant access to regular user settings.

DesktopStandard is extending Group Policy with its new product, PolicyMaker Application Security, to attach privileges to a specific application. For example, an administrator could be running an administrative utility with full privileges and, without switching users, check an online help file via Internet Explorer with minimum privileges.

"We say, 'Don't give the user extended rights, give the process extended rights,'" Sullivan says. "Give the process the privileges."

DesktopStandard has a new Website, www.desktopstandard.com.