Adjusting Process Security allows a process to be protected from most tampering by users.
Adjust Process Security
Adjusting Process Security allows a process to be protected from most tampering by users. For example, it can be used to For example, adjusting process security can restrict who can stop a process from the task manager. It is also recommended that all adjusting of We recommend that you adjust process security is done in a test environment before you deploy it is deployed to the production environment.
...
To include a Process Security Descriptor action in an Application Control policy, you must create a security descriptor and a process security action.
Create a Security Descriptor
The Security Descriptor defines who has what rights to the process that is started.
From the "As shown in the following screenshot, you can create a new Process Security Descriptor by clicking Security Descriptors - User Defined" (Under Policies) we can create a new Process Security Descriptor where we will .
Then define what rights each user or group has to the process. (It is , as shown in the following screenshot.
| Warning | ||
|---|---|---|
| ||
We strongly recommended that |
...
you always set System has Full Control |
...
...
in the security descriptor settings. |
For detailed instructions about how to create a security descriptor, go to Security descriptors.
Create a Process Security Action
The A Process Security Action is what Descriptor action applies the restrictions to the process when it is created.
...
| icon | false |
|---|
...
. To create a Process Security Descriptor action, do the following steps:
- In the Policies tab of the Security Manager Console, right-click the Process Security folder.
- Click New > Set Process Security Descriptor Action.
- Create a name for the new Process Security Descriptor Action.
- Click the Select... link.
- Click the Security Descriptor that you want to attach the new action to.
- Click Save.
The new action appears in the list of actions available
...
in the Process Security
...
Create a new Application Control Policy
After creating a new Application Control Policy and choosing which application(s) it applies to, change the application action to include the new Process Security Descriptor Actionfolder. It is now available to include in an Application Control policy. For details about creating an Application Control policy, go to Create Application Control Policies.