Commandline filters

A commandline filter examines the commandline of a running application (excluding the primary executable) and applies a pattern match (for example, an exact, partial or regular expression).

System utility arguments filters

All of the commands in the commandline folder are built in and are used by the Application Control Policy Wizard when it creates an elevation policy for certain system options. These filters are all partial matches that will elevate an application if that command is present.

Example

Use the defragment component (dfrg.msc) filter to elevate the disk defragmenter. When standard users click the performance monitor to launch the application, the actual commandline that is executed is "C:\Windows\System32\mmc.exe 'C:\Windows\Sysetm32\perfmon.msc'," thus by using the partial match commandline filter of "perfmon.msc," then Thycotic will elevate that application when MMC.exe gets executed with perfmon.msc also in the commandline.

Rather than elevating all of the many different functions that use the same application (for example perfmon and disk defrag both use mmc), Thycotic limits the scope using command line filters; this is how all of the commandline filters work.

Built-in commandline filters

The Commandline folder includes the following built-in filters:

System Utility Arguments
- Add Printer Commandline Arguments
- Backup and Restore Commandline Arguments
- Defragment Component (dfrg.msc)
- Hardware Wizard Applet
- Network Adapter Elevate Attempt
- Performance Monitor Component (perfmon.msc)
- System Control Panel Applet
- Time and Date Control Panel Applet

Limit scope of things to elevate

You can create custom commandlines according to your own needs and wants. Custom commandlines are used most often to limit the scope of what to elevate.