Self-Elevation Without Adding Administrator Rights
Using the default self-elevation users can give justification and launch applications with administrator rights (for details, go to Self-Elevation). The following steps allow users to request elevation, but not to add administrator rights to the application.
- In the Security Manager Console, click Policies.
- In the file library in the left pane click Policies > Arellia Solutions > Application Control > Actions > Messages > Advanced.
- Right-click Justify Application Elevation Action and click Clone.
- Enter a name for the new elevation action.
- Right-click the cloned message and click View as XML.
- In the XML view dialog box, click Edit.
Scroll down to <terminateExitCode>100</terminateExitCode> and change the "100" to "0."
- Click the Import button.
- In the Confirm Import dialog box, click Yes.
- Close the XML view dialog box.
- In the file library in the left pane, navigate to Policies > Arellia Solutions > Application Control > Policies > Privilege Management > User Requested Elevation Justification Policy.
- In the right pane, click the Application Actions tab.
- Click the link next to Application Action
- In the Select Items dialog box, move the copy of the Justify Application Elevation Message to Selected Items (and also leave the Add Administrator Rights).
- Click OK.
- Click the Save button in the right pane under User Requested Elevation Justification Policy.
These requests will then be viewable in the Event Summary and Acknowledgement Viewer.
Doing the above steps will allow Arellia Application Control to work correctly but will not continue adding administrative rights to a program after a justification is given because you changed the terminateExitCode change from 100 to 0.