Restrict an Application's Process Rights

This scenario describes the process involved in restricting an application's process rights. This sample scenario guides you through the necessary steps, using the default Limit Internet Explorer and Outlook process rights policy.

Scenario

...

description

In this scenario, the end user has:

...

With this configuration, Internet Explorer has inherited administrative rights from the user and is therefore able to stop Windows Services.

Scenario

...

resolution

To access the Application Control Policies page: 

  • In the Symantec Management Console, on the Home menu, click Arellia > Application Control.
  • In the left pane, select Policies > Application Control > Application Control Tasks > Application Control Policies. Once you are in Arellia, select the Policies tab.
  • Select Application Control > Policies > Privilege Management > Limit Internet Browser and Mail Client Process Rights.


To prevent Internet Explorer from stopping Windows services, perform the following steps:

  • In the right pane, enable the application by using the On/Off toggle.
  • Open Internet Explorer, select File > Open and browse to cmd.exe in the SYSTEM directory.
  • Attempt to stop the MSN Messenger service using the command line: NET STOP Messenger.

An Application Control message appears on the taskbar stating "IEXPLORER.EXE has had its rights reduced" and you are unable to stop the service.