Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

When you remove administrative rights for applications using the Remove Administrative Rights action, there is an advanced feature that allows you to apply restricted Security Identifiers (SIDs), further restricting access to securable objects.

When you specify any Restricted SID then not only does the Security Descriptor need to allow access to the user, but also allow access explicitly to the Restricting SID.

[[Who should use this advanced feature?]]

 

[[Adjust Process Rights Improvements

Adjust Process Security is an action that allows a process to be protected from tampering by users. ==> how does this apply to Adjust Process Security rather than Remove Admin Rights?]]

[[How does this work in the Console?]]

 

 

Our restricted process option leverages the Windows functionality that prevents restricted SID's from having Write access to protected resources. (For more details, go to Restricted Tokens on the Windows Dev Center.)

 

Another benefit of this is that Restricted Processes do not have rights to open any network-based resource, such as file servers. 

Process Rights

Create Application Actions

Security Descriptors

What is this thing called SID?

 

  • No labels