Application Control Policy wizard

Owned by Anonymous
Last updated: Jan 28, 2016 by Max Pinion (Deactivated)
2 min read

Summary

The policy wizard simplifies creation of common types of Application Control policies

Introduced in 7.1 SP1

The Application Control Wizard was introduced in 7.1 SP1

The Application Control wizard is accessible via the Actions section in the top right of the Arellia Console Home page by selecting "Create Application Control Policy".

The Application Control wizard opens in a new window and shows 3 types of policies that can be created - Elevate Privileges, Reduce Privileges, and Deny Applications.

Elevate privileges

After selecting Elevate Privileges, there are 5 options for applications to elevate:

  • Application (by name) - Allows a specific application to be elevated. The application can be defined by Filename, Internal name, Product name, or Path.
  • Script - Allows a specified script by path to be elevated.
  • Shared Location - Allows all applications in a specified UNC Share to be elevated.
  • Signed Executables - Allows applications with a specified digital certificate to be elevated.
  • System Options - Allows several system options to be elevated depending on what is selected to be elevated.
    • Add devices, add printers, backup the system, change the date and time, change network adapter settings, defragment the disk, install language packs, and monitor performance can all be elevated from the wizard.

After selecting what to elevate, the target of the policy can also be defined. After the wizard exits, it will take you to the new policy.

Reduce privileges

After selecting Reduce Privileges, there are 3 options for applications to limit.

  • Application (by name) - Allows a specific application to be limited. The application can be defined by Filename, Internal name, Product name, or Path. It can also have a special message that will appear to the user whenever the application is run.
  • Application (by filter) - Allows a specific filter to be used to limit certain applications. A user message can also be specified.
  • Common Web Browsers - Specified browsers will have their rights reduced. A user message can also be specified.

After selecting what to limit, the target of the policy can also be defined. After the wizard exits, it will take you to the new policy.

Deny applications

After selecting Deny Applications, you can select what applications to deny by using predefined or creating new filters. An optional user message can also be specified. After selecting what to deny, the target of the policy can also be defined. After the wizard exits, it will take you to the new policy.