In order to automatically elevate installers regardless of location you can target those installers by internal file details and/or a certificate. It is also possible to automatically elevate installers by scanning a trusted location and then elevating those installers by the installer hash. To create the server scanning task and elevation policies, do the following:
- In the Thycotic Security Manager Console, import the "Application Control - UNC Elevation Policy Template" data feed (for instructions on how to import data feeds, go to Using Data Feeds).
- Click on the Policies tab
- Navigate to Policies > Arellia Thycotic Solutions > Application Control > Policies
- Right-click on the Policies folder and select New > UNC Share Elevation Policy
- Set the Policy Name and UNC Path
- Arellia Thycotic will then create 2 policies, one for EXE files and one for MSI files.
Network File Scan Server Task
When the new policies are created, Arellia Thycotic automatically creates a server file inventory task to automatically scan the files in that network location. By default the scan will only happen once, but can be scheduled to be updated as often as needed.
- Click on the Tasks tab
- Navigate to Jobs and Tasks > Server Tasks > File Inventory
- Select the Task that has the UNC path in the title
Viewing Installers Automatically Elevated
To view the installers that will be automatically elevated by the 2 new elevation policies, do the following:
- Click on the Policies tab
- Navigate to Policies > Arellia Thycotic Solutions > Application Control > Filters > Inventory Filters > File Parameter Collections
- Select the Filter that has the UNC path in the title
...