
A Secondary File filter addresses situations where the intended action is not the primary executable (such as RunDll.exe), but is rather a file specified within the command line. The filter examines the command line of an application to see whether there appears to be a secondary file. If so, then the secondary file filter applies the specified filters to the secondary file.

Secondary File Filters are complicated to set up, but well worth it if you understand how they work. This topic explains how they work and gives a working example of how they can be used.

MSI File Example

If you want to elevate .msi files that are in a network share, you cannot use a command-line filter, because the following syntax does not work:

"\\SERVER\Share(WILDCARD).msi"

With a command-line filter you would instead have to specify each .msi file explicitly and then create several individual elevation policies. The tedium of doing this would ensure that it never happens.

NOTE: You could just use \\SERVER\Share\ as the command line, which would then elevate anything in the share folder, but if you specifically want only .msi files, the best option is the Secondary File Filter.

By using a secondary file filter, you target msiexec.exe (the actual application that launches the .msi files) and then use the secondary file filter to limit the scope.

A secondary file filter is a file filter that takes another filter as a parameter and uses it to filter the second half of the command line. For example, if the command line is "msiexec.exe \\SERVER\Share\new_program.msi", then the secondary file filter checks only the \\SERVER\Share\new_program.msi parameter against the filter it references.
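The matching described above can be modelled in a few lines. This is an added example, not the product's code or its actual algorithm: the tokenising rules, the function names and the sample command lines are assumptions made for illustration, and the referenced filter is modelled as "file is under \\SERVER\Share\ and ends in .msi".

```python
import ntpath
import re

# Simplified Windows command-line tokenizer: quoted strings or bare words.
TOKEN = re.compile(r'"[^"]*"|\S+')


def secondary_file(cmdline, primary="msiexec.exe"):
    """Return the normalised secondary file, or None if the primary
    executable does not match or no file argument is present."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmdline)]
    if not tokens or ntpath.basename(tokens[0]).lower() != primary:
        return None
    for tok in tokens[1:]:
        if tok.startswith(("/", "-")):   # skip switches such as /i or /qn
            continue
        return ntpath.normpath(tok)      # collapse "." and ".." segments
    return None


def matches(cmdline, folder=r"\\SERVER\Share", extension=".msi"):
    """Apply the referenced filter to the secondary file only."""
    path = secondary_file(cmdline)
    if path is None:
        return False
    # The trailing separator stops \\SERVER\Share2 passing as \\SERVER\Share.
    prefix = folder.lower().rstrip("\\") + "\\"
    path = path.lower()                  # Windows paths are case-insensitive
    return path.startswith(prefix) and path.endswith(extension)


# Constructed sample command lines (not taken from any real system).
SAMPLES = [
    r'msiexec.exe \\SERVER\Share\new_program.msi',
    r'"C:\Windows\System32\msiexec.exe" /i "\\server\share\Office Tools\setup.msi" /qn',
    r'msiexec.exe /i \\SERVER\Share2\tool.msi',
    r'msiexec.exe /i \\SERVER\Share\notes.txt',
    r'msiexec.exe /i C:\Users\Public\local.msi',
    r'rundll32.exe \\SERVER\Share\new_program.msi',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("ELEVATE" if matches(line) else "ignore ", line)
```

Only the first two samples match; the others fail on the folder boundary, the extension, the local path or the primary executable.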

For an example of a secondary file filter for use with msiexec and a file share containing .msi files to be elevated, see the alternative solution under MSI Files not elevated by Network Share Elevation Policy.