...
What's Covered
Create an Environment Variable Action
Create a Blank Application Control Policy
Using Application Control Solution you can be used to override UAC prompts for end-users. This means that instead of end-users seeing a UAC prompt prompting for credentials, they can see a custom message asking them to provide a reason for why they need administrator rights. These reasons can then capture You can create custom messages that require users to submit a reason for requesting administrator rights, which replace UAC prompts for credentials.
You can create three types of custom messages: (For details on how to create this custom message, go to
- Self-Elevation Without Adding Administrator Rights will capture the reason and close the application
...
- . (For details on how to create this custom message, go to Self-Elevation Without Adding Administrator Rights.)
- Self-Elevation will capture the reason and allow end users to automatically have administrator rights
...
- . (For details on how to create this custom message, go to Self-Elevation.)
- Request Elevation will capture the reason and go through an approval process with the help desk.
...
Info |
---|
Introduced in Arellia 8.0 |
Steps
- Navigate to Policies > Arellia Solutions > Application Control > Filters > Dynamic Filters > Environmental Variables
- Right-click Environment Variables and select New > Environment Filter
- Give the filter a name, such as UAC Detected
- Set the variable name to __APPINFO_RUNADMIN with a value of 1
- Set the Match Type to Partial
- Save the filter
- Navigate to Policies > Arellia Solutions > Application Control > Actions > Environment Variables
- Right-click Environmental Variables and select New > Set Environment Variable Action
- Give the action a name, such as Clear UAC dialog
- Set the Environmental Variable name to "__APPINFO_RUNADMIN" and empty value
- Save the action (this action is used to prevent the UAC prompt from showing)
- Navigate (For details on how to create this custom message, go to Request Elevation.)
Overriding UAC prompts is a three-step process:
- There is an out-of-the-box Environment Variable Filter called User Access Control Consent Dialog Detected.
- There is an out-of-the-box Environment Variable Action called Suppress User Account Control Consent Dialog, which you'll use to prevent the UAC prompt from appearing.
- Create a Blank Application Control Policy.
- Test the New Policy
Anchor | ||||
---|---|---|---|---|
|
Next, create a Blank Application Control Policy by doing the following steps:
- In the file library in the left pane, navigate to Policies > Arellia Solutions > Application Control > Policies Policies.
- Right-click Policies and select click New > Blank Application Control Policy Set the application target to the new UAC detected filter from step 2Policy.
- In the Create Item dialog, enter a Name and Description.
- In the right pane under the Applications to Control, click the Applications link and choose the new Environment Variable Filter. (Optionally you can change this so only certain applications or certain users will have see the UAC overridden UAC prompt overridden.)
- Under Exclude conditions add Under Conditions (optional), click the Exclude any and add the Administrators filter to stop child processes (which inherit elevation) from triggering this policy.
- Click on the Application Actions tab and set the action to the Clear UAC dialog action from step 6Also set the action to include one of the following:Add Administrator Rights, and .
- To the right of Applications, select Application action and then click the Select link.
- In the Select Items dialog box, select the following:
- The Environment Variable Action you created previously.
- Add Administrator Rights.
- Justify Application Elevation Dialog (this will behave like Selflike Self-Elevation).
- Add Administrator Rights, and Justify Application Elevation (kill process) Dialog (will behave like Selflike Self-Elevation Without Adding Administrator Rights).
- Add Administrator Rights, and Approval Request Form Action (will behave like Request like Request Elevation).
- Click Save.
Anchor | ||||
---|---|---|---|---|
|
To test the
...
new policy, do the following steps:
- Update the policies on an endpoint.
- Test the policy by right-clicking Command Prompt and selecting click Run as administrator .
Instead of seeing UAC, you
...
will see the custom message
...
shown in the following screenshot.
The recorded response will then be sent to the Arellia Management Server where it can be reviewed by the help desk team.