The Privilege Management folder includes the following built-in policies:
Limit Internet Browser and Mail Clients Process Rights - This policy implements the fundamental security principle of least privilege by restricting the process rights for standard Internet browsers and mail clients. Running these applications with administrative rights can present significant security problems. This policy reduces the risk of an exploit infecting a computer from within these applications.
Limit Popular Instant Messaging Application Process Rights - This policy implements the fundamental security principle of least privilege by restricting the process rights for instant messaging applications. Running these applications with administrative rights can present significant security problems. This policy reduces the risk of an exploit infecting a computer from within theses applications.
Limit Popular Media Player Process Rights - This policy implements the fundamental security principle of least privilege by restricting the process rights for media player applications. Running these applications with administrative rights can present significant security problems. This policy reduces the risk of an exploit infecting a computer from within these applications.
Limit Process Rights for Unclassified Applications Discovered in the Last Week - This policy implements the fundamental security principle of least privilege by restricting the process rights to an application. Unnecessarily running applications using administrative rights can present significant security problems. This policy reduces the risk of an exploit infecting a computer from within an application. This policy affects applications that have been discovered locally in the last week.
User Requested Elevation Justification Policy - This policy allows users to request applications to run with Administrative Rights if users provide justification.