The Problem
Enterprise IT teams running legacy IE/ActiveX clients face an impossible choice: either grant standard users local admin rights (creating massive security exposure) or deploy expensive enterprise PAM solutions ($100k+/year) that are overkill for per-app elevation. Current workarounds like Task Scheduler tricks are fragile, undocumented, and don't scale across hundreds of users without introducing security blind spots.
What We're Building
PrivApp is a lightweight Windows service that enables granular, auditable privilege elevation for specific applications without granting users admin rights. Administrators use Group Policy to define which apps can be elevated and by which users; execution is logged centrally; and no passwords are shared or admin credentials exposed. Deploy via MSI + GPO in under 30 minutes.
Who It's For
IT Security & Systems Administrators at mid-market enterprises (1,000–10,000 employees) in regulated industries: financial services, manufacturing, utilities, healthcare. Specifically: teams managing legacy SCADA, IoT controllers, or database clients that require elevated permissions.
Key Features (Planned)
- Per-app privilege elevation rules via Group Policy—no user admin rights needed
- Centralized audit logging of all elevation events to Event Viewer or syslog
- Signed execution wrapper with SDDL-based access control—define exactly which users can elevate which apps
- Deploy via MSI + GPO in under 30 minutes; works with Windows 7 SP1 and later
We're validating this idea before writing a single line of code. If this resonates with you, we'd love your feedback:
If you're currently managing legacy apps that demand admin rights, how many users are affected, and what's your current workaround costing you in time/security risk per year?
Check out the concept page and let us know what you think.
Built by Jenavus — AI-powered business intelligence