Our website uses cookies. To find out more information on the cookies we use, please head to our privacy policy.OK

PEM Logo

Privileged Endpoint Management

Enforce “least privilege” policies while enabling productivity

What is Privileged Endpoint Management?

Privileged Endpoint Management, or PEM, removes the need for local administrator accounts from the computers that every worker has access to every day. Often known as a “Least Privilege” approach, organisations aim to remove the local administrator accounts as they are highly valuable to attackers.

The need for better endpoint management

Enforcing “least privilege” – ensuring the right people have the right level of access and no more, can mean users don’t have access to the applications or resources they need to get their work done without a call to the IT helpdesk. The balance between security and productivity gets tipped towards security at the cost of productivity.

Traditionally, endpoint privilege management has needed substantial infrastructure and was complex to manage as many legacy solutions include tools, often from different vendors originally, for a broad range of capabilities from operating system patching through to antivirus or even desktop customisation. Osirium’s Privileged Endpoint Management (PEM) solution is a new approach and built to be lightweight and highly focused on the primary need: removing the need for Local Administrator accounts on Windows desktops and laptops while not interfering with the computer user’s daily work.

PEM allows organisations to remove local administrator rights from users, while at the same time enabling them to have escalated privileges only for specific processes and executables. The balance tips back towards productivity while increasing the organisation’s security posture.

Introducing PEM

Balancing the need for security on Windows endpoints with keeping end-users productive is difficult. That’s where Privileged Endpoint Management (PEM) is critical to addressing those needs and reducing the load on help desks.

Launch Video

Windows Desktop Extension

A natural extension to the Windows desktop

Osirium PEM is a natural extension to the Windows desktop.

Accessed from the application icon context menu, the user requests permission to execute as an Administrator using PEM. For whitelisted applications, the application starts with elevated privileges. The session is logged by Windows as running with the real user’s credentials but with elevated privileges maintaining a complete audit trail.

Streamlined Workflow

PEM learns which applications users need to run with elevated privileges which is reviewed by an Administrator to create a “whitelist” of approved applications and a list of applications to be denied access, based on filename, publisher, and digital signature. Once learning is complete, the local admin accounts can be removed and PEM is put into “enable” mode.

If there are any applications that weren’t identified during the learning phase, the user requests the application is added to their group and they can continue working. As these are exceptions, for most of their time, users continue to work as normal without interruption.

Remote access request
PEM Activity Log

Powerful Admin Tools

The PEM Administrator Interface controls application whitelisting, policies and logs all PEM activity. From a single console, the administrator can review all application elevations and requests for new applications to be approved during the learning phase.


Least Privilege

Enforce "Least Privilege"

End-users only need user-level accounts.

  • Remove local admin privileges
  • Elevate the application, not the user
Run Privileged Applications

Run Privileged Applications

Approved applications can be run with elevated permissions without contacting IT.

  • Users run approved applications as normal using the application context menu
Show Compliance

Show Compliance

Track which privileged applications are used, by whom and when

  • Audit trail of authorisations and usage to show policy compliance
  • Elevated applications are always run in the context of the real user for audit trails
Reduce load on help desks

Reduce Help Desk Load

Reduce the need for users to call the IT help desk to run privileged applications.

  • Define and deploy policies to allow users to run approved applications as Administrator without contacting the help desk
Manage Permissions

Manage Permissions

Permissions are granted as policies to reduce IT effort deploying rules.

  • Define permissions for Active Directory groups
Automated Learning

Automated Learning

Applications to run with elevated privileges are automatically discovered while users perform their normal work

  • Actual applications used are approved, not an arbitrary list
  • Applications are identified to prevent tampering and to ensure only approved versions are used
PEM Datasheet

Get more information

Download the Osirium PEM Datasheet for more information.

Introduction to PEM

Introducing PEM