When you remove administrative rights for applications using the Remove Administrative Rights action, there is an advanced feature that allows you to apply restricted Security Identifiers (SIDs), further restricting access to securable objects.
When you specify any Restricted SID then not only does the Security Descriptor need to allow access to the user, but also allow access explicitly to the Restricting SID.
[[Who should use this advanced feature?]]
[[Adjust Process Rights Improvements
Adjust Process Security is an action that allows a process to be protected from tampering by users. ==> how does this apply to Adjust Process Security rather than Remove Admin Rights?]]
[[How does this work in the Console?]]
Our restricted process option leverages the Windows functionality that prevents restricted SID's from having Write access to protected resources. (For more details, go to to Restricted Tokens on on the Windows Dev Center.)
Another Another benefit of this is that Restricted Processes do not have rights to open any network-based resource, such as file servers.
Apply Restricted SID
To apply restricted SID, do the following steps:
- In the Security Manager Console, click the Policies tab.
- In the file library in the left pane, navigate to Arellia Solutions > Application Control > Actions > Process Rights > Remove Administrative Rights.
- In the right pane under Action Type, select the Apply Restricted SID (advanced) check box.
- Click the Save button.
Related Links
...