Restrict an Application's Process Rights
This scenario describes the process involved in restricting an You can restrict an application's process rights . This sample scenario guides you through the necessary steps, using using Application Control Solution, the default Limit Internet Explorer, and Outlook process rights policy.
Scenario Description
In this scenario, the end user has This document describes the process for restricting an application's process rights.
In the following scenario, you must have the following:
- Internet Explorer (IE) installed
- A user account with administrative rights
- Network Messenger Service enabled and running
With this configuration, Internet Explorer IE has inherited administrative rights from the user and is therefore able to stop Windows Servicesservices.
...
Access the application control policies page
To access the Application Control Policies page, do the following steps:
...
- In the Thycotic Security Manager, click the Policies tab
...
- Click Application Control > Policies> Privilege Management > Limit Internet Browser and Mail Client Process Rights
...
- .
- In the right pane, toggle on the policy.
Prevent IE from stopping Windows services
To prevent Internet Explorer IE from stopping Windows services, perform the following steps:
- In the right pane, enable the application by using the On/Off toggle.
- Open
...
- IE.
- Select File > Open and then browse to cmd.exe in the SYSTEM directory.
- Attempt to stop the MSN Messenger service using the command line: NET STOP Messenger.
An Application Control message appears on the taskbar stating "IEXPLORER.EXE has had its rights reduced" and you are unable to stop the service.