Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Warning
titleDraft

Creation in process

...

titleIntroduced in 7.1 SP3

...

Adjusting process security allows a process to be protected from most tampering by users. For example, it can be used to restrict who can stop a process from the task manager. It is also recommended that all adjusting of process security is done in a test environment before it is deployed to the production environment.

Creation of the security descriptor

The security descriptor defines who has what rights to the process that is started.

Image Added

From the "Security Descriptors - User Defined" (Under Policies) we can create a new Process Security Descriptor where we will define what rights each user or group has to the process. (It is strongly recommended that the System has Full Control always.)

Image Added

Creation of a process security action

The Process Security Action is what applies the restrictions to the process when it is created.
Image Added

...

Info
iconfalse

After creating of the new "Set Process Security Descriptor Action" rename the action and choose the newly created Security Descriptor and select Save. The new action appears in the list of actions available under Process Security.

Create a new Application Control policy

After creating a new Application Control Policy and choosing which application(s) it applies to, change the application action to include the new Process Security Descriptor Action.