Targeting MSI files with Application Control Policies is a little bit different then targeting standard executable files. This is because MSI files are actually being executed by MSIEXEC.exe. To target MSI files by an elevation policy, do the following:
- Navigate to Policies > Arellia Thycotic Solutions > Application Control > Filters > My Filters
- Right-click on My Filters and select New > Dynamic File Filters > File Specification Filter
- Name the filter "MSI File Location Specification Filter"
- Set the path to the location with the MSI files to be targeted
- (optional) Select Include subdirectories
- Save the filter
- Right-click on My Filters and select New > Dynamic Filters > Secondary File Filter Filter
- Name the filter "MSI Secondary File Filter"
- Set the Filters to the filter created in Step 3
- Save the filter
- Navigate to Policies > Arellia Thycotic Solutions > Application Control > Policies > Privilege Management
- Right-click on Privilege Management and select New > Elevate Process Rights
- Name the Policy "Elevate Process Rights for MSI Files Policy"
- Set the Applications to the filter created in step 7
- Set the Include only to the built-in filter: Microsoft Installer File Filter
- Enable and Save the policy
This policy will then allow the MSI files ONLY in that location to be automatically elevated.