Versions Compared

Old Version 2

changes.mady.by.user Anonymous

Saved on

compared with

New Version Current

changes.mady.by.user Mike Murphy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Restrict an Application's Process Rights

This scenario describes the process involved in restricting an application's process rights. This sample scenario , and guides you through the necessary steps , using the default Limit Internet Explorer and Outlook process rights policy.

Scenario Description

In this scenario, the end user hasInternet Explorer inherits administrative rights from administrator users and is therefore able to stop Windows services, with the following configuration:

  • Internet Explorer installed
  • A user account with administrative rights
  • Network Messenger Service enabled and running

...

Scenario Resolution

To prevent Internet Explorer from stopping Windows services, perform the following steps:

  1. In the Altiris Security Manager Console, select click the Tasks Policies tab.
  2. In the file library in the left pane, select Tasks > Security Management > navigate to Application Control > Windows > Application Control Tasks > Application Control Policies Policies> Privilege Management > Limit Internet Explorer and Outlook process rightsBrowser and Mail Client Process Rights.
    Image Added
  3. In the right pane, select Enableenable the policy by clicking the On/Off toggle.
  4. Open Internet Explorer as an administrator, select File > Open, and then browse to cmd.exe in the SYSTEM
    directory.
  5. Attempt to stop the MSN Messenger service using the command line: NET STOP Messenger.

An Application Control message appears on the taskbar stating "IEXPLORER.EXE has had its rights reduced" and you are unable to stop the service.

Internet browser crashes after applying the Limit Internet Browser and Mail Clients Process Rights policy