Prevent Read and Write to File Types or Network Locations
To prevent read and write access, do the following steps:
- On the managed computer, create a Microsoft Word document and save it to c:\company invoices\invoice 101.doc.
- In the Security Manager Console, click the Policies tab.
- In the file library in the left pane, navigate to Application Control > Policies.
- Right-click Policies and click New > Blank Application Control Policy.
- Give the policy a name and description.
- In the right pane, click the Applications to Control tab.
- Under Conditions (optional), next to Include only, click the Select link.
- In the Select Items dialog box, select the application (for example, MS Word) and click OK.
- Click the Apply to button and choose All Windows Computers with Application Control Agent Installed.
- Click the Application Actions tab and select Send policy feedback.
- Click the Policy Enforcement tab and select Continue enforcing policies for child processes after enforcing this policy.
- Select Deny File Access and click OK.
- In the Deny File Access dialog, enter the following in the appropriate fields:
- Name - Prevent write access of Word documents to Company Invoice directory
- Path - C:\company invoices
- Mime type - Word document
- Click Apply and close the dialog.
- In the Items Selector dialog, select the new Deny File Access Application Action, and click OK.
- Enable the policy and click Apply.
- In Microsoft Word, open C:\company invoices\invoice 101.doc. The file is read only and can't be modified.
Further Testing
- Create a new document and attempt to save it to c:\company invoices\. You will be unable to open it and will receive a File Permission error.
- Verify that a Word document can be created or modified in a different directory.
- In Microsoft Excel, save a spreadsheet to the same location as Step 1. The permissions are limited to Microsoft Word.