Background
Arellia Application Control Solution provides end users with the ability to Request Run as Administrator so that a program can be launched using Administrative privileges. This is facilitated by enabling the User Requested Elevation Justification Policy in the Arellia Console.
Problem
If the program that has been requested for elevation spawns a child process, a new justification prompt is presented to the user. This is not ideal, as a user should not need to know about or justify any child processes, only the parent process that they launched in Windows Explorer.
Resolution
Modify the self elevation policy, normally located under Policies > Arellia > Application Control > Privilege Management.
Under the Applications to Control tab, set the conditions as follows:
- Include only: Add the Interactive Users filter located under Filters > Dynamic Filters > Application Context
- Exclude any: Add the Administrators filter located under Filters > Dynamic Filters > User Context
By making these changes, you will prevent the self elevation policy from applying multiple times to child processes while still maintaining their elevated state, which propagates from the parent process.