You can restrict an application's process rights using Application Control Solution and its default Limit Internet Explorer and Outlook process rights policy. This document describes how to restrict an application's process rights.
The following scenario requires:
- Internet Explorer (IE) installed
- A user account with administrative rights
- Network Messenger Service enabled and running
With this configuration, IE has inherited administrative rights from the user and is therefore able to stop Windows Services.
Access the Application Control Policies Page
To access the Application Control Policies page, perform the following steps:
- Once you are in Arellia, select the Policies tab.
- Select Application Control > Policies > Privilege Management > Limit Internet Browser and Mail Client Process Rights
To prevent Internet Explorer from stopping Windows services, perform the following steps:
- In the right pane, enable the application by using the On/Off toggle.
- Open Internet Explorer, select File > Open and browse to cmd.exe in the SYSTEM directory.
- Attempt to stop the MSN Messenger service using the command line: NET STOP Messenger.
An Application Control message appears on the taskbar stating "IEXPLORER.EXE has had its rights reduced" and you are unable to stop the service.
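To record the result of this test instead of relying on the taskbar message, the following added PowerShell check (not part of the vendor procedure or product) can be run from the cmd.exe window opened through Internet Explorer, once with the policy off and once with it on. It assumes the service name Messenger from the NET STOP step; the function names Test-AdminToken and Test-ServiceStopAccess are hypothetical, and the script only requests a handle, so the service is never stopped.

```powershell
param([string]$ServiceName = 'Messenger')   # assumption: name used in the NET STOP step

Add-Type -Namespace Native -Name Scm -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr OpenSCManager(string machine, string database, uint access);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr OpenService(IntPtr scm, string name, uint access);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool CloseServiceHandle(IntPtr handle);
'@

function Test-AdminToken {
    # False when Administrators is missing from this process token or is deny-only.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-ServiceStopAccess([string]$Name) {
    # Ask the service control manager for a SERVICE_STOP (0x0020) handle only.
    $scm = [Native.Scm]::OpenSCManager('', 'ServicesActive', 0x0001)  # SC_MANAGER_CONNECT
    if ($scm -eq [IntPtr]::Zero) { return 'scm-denied' }
    try {
        $svc = [Native.Scm]::OpenService($scm, $Name, 0x0020)
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        if ($svc -ne [IntPtr]::Zero) {
            [void][Native.Scm]::CloseServiceHandle($svc)
            return 'granted'
        }
        switch ($err) {
            5       { 'denied' }            # ERROR_ACCESS_DENIED
            1060    { 'no-such-service' }   # ERROR_SERVICE_DOES_NOT_EXIST
            default { "error-$err" }
        }
    } finally {
        [void][Native.Scm]::CloseServiceHandle($scm)
    }
}

# One record per run; compare the policy-off and policy-on results.
New-Object PSObject -Property @{
    User                = [Environment]::UserName
    AdminGroupEffective = (Test-AdminToken)
    Service             = $ServiceName
    StopAccess          = (Test-ServiceStopAccess $ServiceName)
}
```

With the policy off and an administrative user, StopAccess is expected to read granted; with the policy on, a result of denied matches the outcome described above.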