How to Conduct a Comprehensive Policy Review

Regular policy reviews are essential to maintaining a secure, compliant, and efficient environment. A well-executed review helps identify weak points in policy rules, adapt to organizational changes, mitigate risks, and support ongoing compliance. While this guide offers general steps and best practices, every organization’s needs are unique. We recommend tailoring these guidelines to your specific environment and policies and consulting your BeyondTrust account owner if you need additional support.

We recommend performing a professional, in-depth review annually, complemented by an internal semi-annual review. If your organization undergoes frequent changes, more frequent assessments may also be beneficial.

Note: BeyondTrust offers Health Checks and policy review assessments for organizations seeking in-depth support or an objective perspective on their policies.

Step 1: Accessing and Importing Your Policy

For MMC/On-Prem Environments:

  1. Open the MMC Console: Start by opening Microsoft Management Console (MMC).
  2. Add Snap-ins: Navigate to "File" > "Add/Remove Snap-in."
  3. Select Privilege Management Settings: Choose either "Local Policy" or "BeyondInsight" Privilege Management Settings.
  4. Import Policy: After adding it, select "Import Policy" from the left pane to load the policy file for review.

Optional: Import a QuickStart Template as a baseline for comparing policy structure and recommendations.

For WPE/Cloud Environments:

  1. Access the Web Policy Editor: Open the Web Policy Editor in your cloud environment.
  2. Create a Blank Policy: Select “Create a Blank Policy” to create a neutral review space.
  3. Import the Policy: Go to “Utilities” > “Import Policy.” You can either “Merge” the existing policy into the blank template or overwrite it.

Step 2: Review Matching Criteria for Policy Rules

Why It Matters: Matching criteria define which applications are allowed, elevated, or blocked. Strong matching criteria help ensure that only trusted applications are granted elevated permissions, reducing vulnerabilities.

  1. Locate Application Rules: Focus on rules that allow or elevate (typically in green).
  2. Strengthen Matching Criteria: Look for criteria such as Publisher, File Hash, or Product Name, which are harder to bypass. Flag any rules that use only basic identifiers (e.g., file name or location), as these may be vulnerable.

Step 3: Evaluate Critical Permissions and Group Access

  1. Identify Elevated Permissions: Look for any rules that let standard users elevate applications, especially without an admin token or a prompt.
  2. Flag High-Risk Rules: Pay attention to rules that elevate applications located in accessible directories without additional security prompts.
  3. Review Access Control Lists (ACLs): Ensure that repositories storing privileged applications are tightly restricted to avoid unauthorized access.
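
As an added illustration of Steps 2 and 3 (this is example code written for this article, not BeyondTrust's own tooling or policy format), the following Python script audits a simplified rule list for the three weaknesses just described: allow or elevate rules that match only on basic identifiers, elevation without a prompt or admin token, and elevation of applications located in user-writable directories. The Rule structure, the sample rules, the hash placeholder, and the list of user-writable locations are all constructed assumptions; a real review would feed it the rules from your exported policy instead.

```python
# Added example, not BeyondTrust code: a small audit over a simplified rule list
# that flags the weaknesses described in Steps 2 and 3. The Rule structure, the
# sample rules and the user-writable directory list are constructed assumptions,
# not the real Endpoint Privilege Management policy schema.
from dataclasses import dataclass, field
from typing import Dict, List

# Matching criteria the guide treats as hard to bypass; anything else is basic.
STRONG_CRITERIA = {"publisher", "file_hash", "product_name"}

# Assumed examples of locations a standard user can write to (hypothetical list).
USER_WRITABLE_PREFIXES = ("c:\\users\\", "%temp%", "%appdata%", "%localappdata%")


@dataclass
class Rule:
    name: str
    action: str                        # "allow", "elevate" or "block"
    criteria: Dict[str, str] = field(default_factory=dict)  # criterion type -> value
    prompt: bool = True                # user is prompted before the action applies
    require_admin_token: bool = False  # only holders of an admin token may elevate


def assess_rule(rule: Rule) -> List[str]:
    """Return review findings for one rule; an empty list means nothing to flag."""
    findings: List[str] = []
    if rule.action == "block":
        return findings  # block rules grant nothing, so they are out of scope here

    # Step 2: an allow/elevate rule should rest on at least one strong criterion.
    kinds = set(rule.criteria)
    if not kinds & STRONG_CRITERIA:
        basic = ", ".join(sorted(kinds)) or "none"
        findings.append(
            f"matches only on basic identifiers ({basic}); "
            "add Publisher, File Hash or Product Name"
        )

    if rule.action == "elevate":
        # Step 3.1: elevation with neither a prompt nor an admin-token requirement.
        if not rule.prompt and not rule.require_admin_token:
            findings.append("standard users can elevate without a prompt or admin token")
        # Step 3.2: elevation of a binary that lives where a standard user can write.
        path = rule.criteria.get("file_path", "").lower()
        if any(path.startswith(prefix) for prefix in USER_WRITABLE_PREFIXES):
            findings.append(f"elevates from a user-writable location: {rule.criteria['file_path']}")
    return findings


def audit_policy(rules: List[Rule]) -> Dict[str, List[str]]:
    """Map each rule name to its findings, keeping only rules with something to flag."""
    report: Dict[str, List[str]] = {}
    for rule in rules:
        findings = assess_rule(rule)
        if findings:
            report[rule.name] = findings
    return report


# Constructed sample policy (hypothetical rule names, values and hash placeholder).
SAMPLE_RULES = [
    Rule("Allow Office", "allow",
         {"publisher": "Microsoft Corporation", "product_name": "Microsoft Office"}),
    Rule("Allow any notepad", "allow", {"file_name": "notepad.exe"}),
    Rule("Elevate installer from Downloads", "elevate",
         {"file_path": "C:\\Users\\*\\Downloads\\setup.exe"}, prompt=False),
    Rule("Elevate signed admin tool", "elevate",
         {"publisher": "Contoso Ltd", "file_hash": "<sha256-placeholder>"},
         prompt=True, require_admin_token=True),
    Rule("Block cmd", "block", {"file_name": "cmd.exe"}),
]

if __name__ == "__main__":
    # Print the action items Step 5 asks you to document.
    for name, findings in audit_policy(SAMPLE_RULES).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Running the script lists only the two sample rules that need follow-up: the allow rule keyed on a file name alone, and the elevate rule that has no strong criterion, no prompt, and points into a user profile directory. Block rules are skipped on purpose, since they grant no privilege; extend USER_WRITABLE_PREFIXES with the locations that matter in your environment.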


Step 4: Open-Save Dialog and Trusted Application Protection (TAP)

  1. Enable Open-Save Dialog Protection: This setting restricts access to critical system directories when elevated applications open file dialogs, adding an extra layer of protection.
  2. Activate Trusted Application Protection (TAP): Enable TAP for commonly used applications (e.g., Office 365) to defend against DLL injection. Refer to BeyondTrust’s Knowledge Base for TAP templates and guidance.

Step 5: Review and Document Findings

Maintaining documentation of your policy review findings helps monitor the policy's effectiveness and track any changes or improvements made over time.

  1. List Weak Rules: Document any weak rules or open permissions and mark them as action items for follow-up.
  2. Secure Findings: To prevent unauthorized access to potential security weaknesses, protect your documentation with restricted access or encryption.

Additional Support

Our Senior TAM, Tasha Clowater, will be providing a guide next week on conducting more frequent, lightweight policy reviews. This approach helps organizations keep pace with minor adjustments without committing to a full review each time.

Following these steps allows you to perform a thorough policy review and maintain a strong security posture. For organizations needing additional support, contact your BeyondTrust account owner to discuss Health Check options or check out our KB articles below.

Best Practices when using the QuickStart for Windows policy template

Best practices when using the QuickStart for Mac policy template

Best practice for policy rule creation (application & On-Demand)

How to use filters in Endpoint Privilege Management