Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Targeting MSI files with Application Control Policies is a little bit different then targeting standard executable files. This is because MSI files are actually being executed by MSIEXEC.exe. To target MSI files by an elevation policy, do the following:

  1. Navigate to Policies > Arellia Thycotic Solutions > Application Control > Filters > My Filters 
  2. Right-click on My Filters and select New > Dynamic File Filters > File Specification Filter
  3. Name the filter "MSI File Location Specification Filter"
  4. Set the path to the location with the MSI files to be targeted
  5. (optional) Select Include subdirectories
  6. Save the filter 
  7. Right-click on My Filters and select New > Dynamic Filters > Secondary File Filter Filter 
  8. Name the filter "MSI Secondary File Filter"
  9. Set the Filters to the filter created in Step 3
  10. Save the filter 
  11. Navigate to Policies > Arellia Thycotic Solutions > Application Control > Policies > Privilege Management 
  12. Right-click on Privilege Management and select New > Elevate Process Rights 
  13. Name the Policy "Elevate Process Rights for MSI Files Policy"
  14. Set the Applications to the filter created in step 7
  15. Set the Include only to the built-in filter: Microsoft Installer File Filter 
  16. Enable and Save the policy

This policy will then allow the MSI files ONLY in that location to be automatically elevated.

Elevate MSI files on the network share