Application Control powered by AppSense

Ivanti Application Control is the new name for AppSense Application Manager

Configuration Object

The Application Control Object Types include the Configuration object and the Configuration Helper object. The Configuration object represents the Application Control configuration. It holds data only and contains no business logic.

Generic Base Types for Collections

Map

Methods:

Add(ValueType item)

Description: Adds a new item into the collection.

Parameters: item - The value to be added.

Remove(KeyType kt)

Description: Removes the value with the given key from the collection.

Parameters: kt - The key of the value to remove from the collection.

Item(KeyType kt)

Description: Accessor for a value within the collection.

Returns: The item (value) with the given key.

Parameters: kt - The key of the requested value.

Array

Methods:

Add(ValueType item)

Description: Adds a new item into the collection.

Parameters: item - The value to be added.

Remove(LONG index)

Description: Removes the item at the given position within the collection.

Parameters: index - The 0-based index of the value to remove.

Item(LONG index)

Description: Accessor for the item (value) at the given position within the collection.

Parameters: index - The 0-based index of the requested value.

Strongly Typed Collections

Collection: ArchiveFolderCollection

BaseType: Array

ValueType: ArchiveFolder

Collection: AuditEventFilterDictionary

BaseType: Map

ValueType: AuditEventFilter

Key: File

Collection: ApplicationGroupDictionary

BaseType: Map

ValueType: ApplicationGroup

Key: Path

Collection: CustomRuleDictionary

BaseType: Map

ValueType: CustomRule

Key: Name

Collection: DeviceDictionary

BaseType: Map

ValueType: Device

Key: Host

Collection: DeviceRuleDictionary

BaseType: Map

ValueType: DeviceRule

Key: Name

Collection: DriveCollection

BaseType: Map

ValueType: Drive

Key: Path

Collection: EngineeringKeyCollection

BaseType: Array

ValueType: EngineeringKey

Collection: FileCollection

BaseType: Map

ValueType: File

Key: CommandLine

Collection: FileExtensionDictionary

BaseType: Map

ValueType: FileExtension

Key: Name

Collection: FolderCollection

BaseType: Map

ValueType: Folder

Key: Path

Collection: GroupRuleDictionary

BaseType: Map

ValueType: GroupRule

Key: DisplayName

Collection: NetworkConnectionCollection

BaseType: Map

ValueType: NetworkConnection

Key: Path

Collection: ProcessRuleDictionary

BaseType: Map

ValueType: ProcessRule

Key: Name

Collection: ScriptedRuleDictionary

BaseType: Map

ValueType: ScriptedRule

Key: Name

Collection: SignatureFileCollection

BaseType: Map

ValueType: SignatureFile

Key: CommandLine

Collection: TimeRangeCollection

BaseType: Array

ValueType: TimeRange

Collection: TrustedApplicationCollection

BaseType: Array

ValueType: TrustedApplication

Collection: TrustedOwnerDictionary

BaseType: Map

ValueType: TrustedOwner

Key: DisplayName

Collection: UserRuleDictionary

BaseType: Map

ValueType: UserRule

Key: DisplayName

Collection: URMPolicyDictionary

BaseType: Map

ValueType: URMPolicy

Key: Name

Collection: URMGroupBehaviourDictionary

BaseType: Map

ValueType: URMGroupBehaviour

Key: DisplayName

Collection: URMPrivilegeDictionary

BaseType: Map

ValueType: URMPrivilege

Key: Name

Collection: URMRuleItemDictionary

BaseType: Map

ValueType: URMRuleItem

Key: KeyPath

Collection: URMRuleItemPolicyDictionary

BaseType: Map

ValueType: URMRuleItemPolicy

Key: KeyPath

Object Definitions

Object: AccessTimes

Property Type Description
MondayTimeRangeCollection TimeRangeCollection A collection of time ranges that are applied on Mondays.
TuesdayTimeRangeCollection TimeRangeCollection A collection of time ranges that are applied on Tuesdays.
WednesdayTimeRangeCollection TimeRangeCollection A collection of time ranges that are applied on Wednesdays.
ThursdayTimeRangeCollection TimeRangeCollection A collection of time ranges that are applied on Thursdays.
FridayTimeRangeCollection TimeRangeCollection A collection of time ranges that are applied on Fridays.
SaturdayTimeRangeCollection TimeRangeCollection A collection of time ranges that are applied on Saturdays.
SundayTimeRangeCollection TimeRangeCollection A collection of time ranges that are applied on Sundays.

Object: ApplicationGroup

Property Type Description
Path BSTR The name of the Application Group.
Description BSTR The description of the group.
Files FileCollection Collection of files contained in this group.
Folders FolderCollection Collection of folders contained in this group.
SignatureFiles SignatureFileCollection Collection of signature files contained in this group.
NetworkConnections NetworkConnectionCollection Collection of network connections contained within this group.
Drives DriveCollection Collection of drives contained within this group.

Object: ArchiveFolder

Property Type Description
Path   BSTR Full path to folder.

Object: ArchivingSettings

Property Type Description
ArchivingEnabled VARIANT_BOOL Specify whether to use archiving. Default = False
NoAdminOwnedFiles VARIANT_BOOL Enable administrator-owned files to be ignored. Default = False
OverwriteExistingFiles VARIANT_BOOL Specify whether files copied to the archive should overwrite existing files. Default = True
AnonymousEnabled VARIANT_BOOL Specify whether files should have any user information stripped.
TotalLimit LONG The maximum size of the archive in MB. Default = 50.
UserLimit LONG The maximum size of a user’s archive in MB. Default = 25.
ArchiveLessThanEnabled VARIANT_BOOL Specify whether only files smaller than a certain size will be archived. Default = False.
ArchiveLessThanAmount LONG The maximum size of a file that will be copied to the archive. Default = False
OverwriteOldest VARIANT_BOOL Specify whether the oldest files in the archive are overwritten when the archive is full. Default = False.
ArchiveFolders ArchiveFolderCollection A list of archive folder locations, the first location in the list will be given preference, the last location given the lowest preference.

Object: AuditEventFilter

Property Type Description
File BSTR The file name/extension to which this filter will be applied.
Events BSTR A semi-colon delimited list of events. For example, 9005;9006;9007.

Object: AuditEventFiltering

Property Type Description
Enabled VARIANT_BOOL Specify whether event filtering is enabled. Default = True.
Files AuditEventFilterDictionary The list of event filters.

Object: Configuration

Property Type Description
Info ConfigurationInfo Configuration metadata
DefaultRules DefaultRules Default rules settings.
MessageSettings MessageSettings Settings to allow customization of Application Control generated message boxes.
ArchivingSettings ArchivingSettings Options for files that are archived.
UserRules UserRuleDictionary Collection of configured user rules.
ApplicationGroups ApplicationGroupDictionary Library of Application Groups.
ProcessRules ProcessRuleDictionary Collection of configured process rules.
GroupRules GroupRuleDictionary Collection of configured group rules.
DeviceRules DeviceRuleDictionary Collection of configured device rules.
CustomRules CustomRuleDictionary Collection of configured custom rules.
ScriptedRules ScriptedRuleDictionary Collection of configured scripted rules.
EngineeringKeys EngineeringKeyCollection Collection of engineering keys.
URMPolicies URMPolicyDictionary Library of User rights policies.
AuditEventFilteringSettings AuditEventFiltering Options relating to which audit events are reported.
OnDemandConfigChangeSettings OnDemandConfigChangeSettings Options relating to Policy Change Requests.

Object: ConfigurationInfo

Property Type Description
Name BSTR The name of the configuration.
UniqueIndentifier BSTR The unique ID for the configuration.
Version LONG The configuration version.
Notes BSTR Any appropriate notes.
RevisionLevel LONG The configuration

Object: CustomRule

Property Type Description
DisplayName BSTR The account name.
SID BSTR The account SID.
Devices DeviceDictionary Collection of devices to which this rule applies.
Name BSTR The name of the rule.
SecurityLevel SecurityLevel The level of restriction applied to this rule.
AccessibleApplicationGroups ApplicationGroupReferenceDictionary Collection of allowed Application Groups.
AccessibleFiles FileCollection Collection of allowed files.
AccessibleFolders FolderCollection Collection of allowed folders.
AccessibleDrives DriveCollection Collection of allowed drives.
AccessibleSignatures SignatureFileCollection Collection of allowed signatures.
AccessibleNetworkConnections NetworkConnectionCollection Collection of accessible network connections.
ProhibitedApplicationGroups ApplicationGroupReferenceDictionary Collection of denied Application Groups.
ProhibitedFiles FileCollection Collection of denied files.
ProhibitedFolders FolderCollection Collection of denied folders.
ProhibitedDrives DriveCollection Collection of denied drives.
ProhibitedSignatures SignatureFileCollection Collection of denied signatures.
ProhibitedNetworkConnections NetworkConnectionCollection Collection of denied network connections.
TrustedVendors DigitalCertificateCollection Collection of trusted vendors’ digital certificates.
UserRightsRules URMRules Configured settings for User Privileges rules.

Object: DefaultRules

Property Type Description
TrustedOwnershipChecking VARIANT_BOOL Enable trusted ownership checking. Default = True
ChangeFileOwnershipOnOverwriteOrRename VARIANT_BOOL Enable a change of file ownership when a file is overwritten or renamed. Default = True
TrustedOwners TrustedOwnerDictionary A collection of configured Trusted Owners.
LocalDrivesAccessible VARIANT_BOOL Specify whether the local drives are allowed by default. Default = True
IgnoreRestrictionsDuringLogon VARIANT_BOOL Allows restrictions to be ignored until the logon process is complete.
AllowCMDForBatchFiles VARIANT_BOOL Allows cmd.exe to run if it is run via execution of a batch file. Default = True
ExtractSelfExtractingZIPFiles VARIANT_BOOL Specify whether Application Control should extract self-extracting .ZIP files. Default = True
ValidateSystemProcesses VARIANT_BOOL Specify whether system processes will be subject to Application Control rules processing. Default = False
ValidateMSI VARIANT_BOOL Specify whether Windows Installer (.MSI) packages are validated.
ValidateWSH VARIANT_BOOL Specify whether Windows Script Host (.WSH) files are validated. Default = True
ValidateREG VARIANT_BOOL Specify whether Windows Registry (.REG) files are validated. Default = True
DoExtensionFiltering VARIANT_BOOL Enable extension filtering. Default = False
ExtensionFilteringScope FileExtensionFilteringScope Specify whether the file extensions in the FileExtensions property are included or excluded from rules processing. Default = Exclude
FileExtensions FileExtensionDictionary A list of extensions used for extension filtering.
ApplicationAccessEnabled VARIANT_BOOL Specify whether Application Access Control is enabled. Default = True.
ANACEnabled VARIANT_BOOL Specify whether Application Network Access control is enabled. Default = True.
URMEnabled VARIANT_BOOL Specify whether User Privileges Management is enabled. Default = True.
IgnoreRestrictionsDuringActiveSetup VARIANT_BOOL Ignore restrictions during active setup. Default = False.
ProhibitFilesOnRemovableMedia VARIANT_BOOL Prohibit files on removable media. Default = True.

Object: Device

Property Type Description
Host BSTR The host address.
HostType DeviceType Specify whether the address refers to a computer or a connecting device. Default = Computer
NameType HostNameType Specify whether the address is a host name or IP address. Default = HostName

Object: DeviceRule

Property Type Description
Devices DeviceDictionary Collection of devices to which this rule applies.
Name BSTR The name of the rule.
SecurityLevel SecurityLevel The level of restriction applied to this rule.
AccessibleApplicationGroups ApplicationGroupReferenceDictionary Collection of accessible Application Groups.
AccessibleFiles FileCollection Collection of allowed files.
AccessibleFolders FolderCollection Collection of allowed folders.
AccessibleDrives DriveCollection Collection of allowed drives.
AccessibleSignatures SignatureFileCollection Collection of allowed signatures.
AccessibleNetworkConnections NetworkConnectionCollection Collection of allowed network connections.
ProhibitedApplicationGroups ApplicationGroupReferenceDictionary Collection of denied Application Groups.
ProhibitedFiles FileCollection Collection of denied files.
ProhibitedFolders FolderCollection Collection of denied folders.
ProhibitedDrives DriveCollection Collection of denied drives.
ProhibitedSignatures SignatureFileCollection Collection of denied signatures.
ProhibitedNetworkConnections NetworkConnectionCollection Collection of denied network connections.  

Object: DigitalCertificate

Property Type Description
Path BSTR Unused for this object.
Description BSTR The description of the digital certificate.
EnforceExpiryDate VARIANT_BOOL Specify whether the expiry date verification will be applied to this certificate. Default = False
RawCertificateData BSTR The base64 encoded digital certificate.
ExpiryDate BSTR The certificate expiry date.
ErrorIgnoreFlags LONG A bitwise OR operation of the ErrorIgnoreFlags values below. Default = 0

ErrorIgnoreFlags

CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG 0x00000001

CERT_CHAIN_POLICY_IGNORE_CTL_NOT_TIME_VALID_FLAG 0x00000002

CERT_CHAIN_POLICY_IGNORE_NOT_TIME_NESTED_FLAG 0x00000004

CERT_CHAIN_POLICY_IGNORE_INVALID_BASIC_CONSTRAINTS_FLAG 0x00000008

CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG 0x00000010

CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG 0x00000020

CERT_CHAIN_POLICY_IGNORE_INVALID_NAME_FLAG 0x00000040

CERT_CHAIN_POLICY_IGNORE_INVALID_POLICY_FLAG 0x00000080

CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG 0x00000100

CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG 0x00000200

CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG 0x00000400

CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG 0x00000800
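
Because ErrorIgnoreFlags is stored as one LONG, reviewing a configuration means decoding it back into the named flags listed above. The following Python decoder is an added example, not part of the Ivanti documentation or API: it names each set bit, groups it by the validation check it relaxes, and reports bits outside the documented range. The function names, the category labels, the EnforceExpiryDate cross-check and the sample certificates are assumptions constructed for illustration.

```python
"""Decode DigitalCertificate.ErrorIgnoreFlags values (added example)."""

# (bit, name) pairs exactly as listed in the ErrorIgnoreFlags table on this
# page. The third field is this example's own grouping (an assumption): the
# chain-validation check that the flag relaxes.
FLAGS = [
    (0x00000001, "CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG", "time validity"),
    (0x00000002, "CERT_CHAIN_POLICY_IGNORE_CTL_NOT_TIME_VALID_FLAG", "time validity"),
    (0x00000004, "CERT_CHAIN_POLICY_IGNORE_NOT_TIME_NESTED_FLAG", "time validity"),
    (0x00000008, "CERT_CHAIN_POLICY_IGNORE_INVALID_BASIC_CONSTRAINTS_FLAG", "basic constraints"),
    (0x00000010, "CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG", "issuer trust"),
    (0x00000020, "CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG", "key usage"),
    (0x00000040, "CERT_CHAIN_POLICY_IGNORE_INVALID_NAME_FLAG", "name"),
    (0x00000080, "CERT_CHAIN_POLICY_IGNORE_INVALID_POLICY_FLAG", "policy"),
    (0x00000100, "CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG", "revocation"),
    (0x00000200, "CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG", "revocation"),
    (0x00000400, "CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG", "revocation"),
    (0x00000800, "CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG", "revocation"),
]
KNOWN_MASK = sum(bit for bit, _, _ in FLAGS)  # every documented bit: 0xFFF


def decode(value):
    """Return ({category: [flag names]}, undocumented_bits) for one value."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise TypeError("ErrorIgnoreFlags must be an integer")
    if not -0x80000000 <= value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in a 32-bit LONG")
    value &= 0xFFFFFFFF  # a signed LONG read as negative still has its bits
    relaxed = {}
    for bit, name, category in FLAGS:
        if value & bit:
            relaxed.setdefault(category, []).append(name)
    return relaxed, value & ~KNOWN_MASK


def review(certificates):
    """Turn (description, flags, enforce_expiry) tuples into findings.

    Each finding is (description, category, details). A certificate with
    ErrorIgnoreFlags = 0 (the documented default) produces no finding.
    """
    findings = []
    for description, flags, enforce_expiry in certificates:
        relaxed, unknown = decode(flags)
        for category, names in relaxed.items():
            findings.append((description, category, names))
        if unknown:
            # Bits the page does not define: stale export or hand edit.
            findings.append((description, "undocumented bits", [hex(unknown)]))
        if enforce_expiry and "time validity" in relaxed:
            # Review note only; the page does not say which setting wins.
            findings.append((description, "conflict",
                             ["EnforceExpiryDate set while time validity is ignored"]))
    return findings


# Constructed sample data, not taken from any real configuration.
SAMPLE = [
    ("Constructed vendor A", 0x000, True),
    ("Constructed vendor B", 0xF10, False),
    ("Constructed vendor C", 0x007, True),
    ("Constructed vendor D", 0x1001, False),
]

if __name__ == "__main__":
    for description, category, details in review(SAMPLE):
        print(f"{description}: {category}: {', '.join(details)}")
```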

Object: Drive

Property Type Description
Path BSTR Full path to drive.
Description BSTR The drive description.

Object: File

Property Type Description
Path BSTR Full path to file.
Description BSTR The file description.
Arguments BSTR The command line arguments used for spawning a process.
CommandLine BSTR The full command line (Path + Arguments) when a file is run.
ApplyAccessTimes VARIANT_BOOL Specify whether access times are to be applied. Default = False
AccessTimes AccessTimes Collection of access times to be applied.
TrustedOwnershipChecking VARIANT_BOOL Specify whether the file is subject to Trusted Ownership checking. Default = True
ApplicationLimit  LONG The number of concurrent instances of this file that can be executed (0 means unlimited). Default = 0

Object: FileExtension

Property Type Description
Name BSTR File Extension.

Object: FileMetaData

Property Type Description
ProductVersionMaximum BSTR The maximum product version number to match.
ProductVersionMaximumEnabled VARIANT_BOOL Enables/Disables the use of the ProductVersionMaximum property.
ProductVersionMinimum   BSTR The minimum product version number to match.
ProductVersionMinimumEnabled VARIANT_BOOL Enables/Disables the use of the ProductVersionMinimum property.
FileVersionMaximum BSTR The maximum file version number to match.
FileVersionMaximumEnabled   VARIANT_BOOL Enables/Disables the use of the FileVersionMaximum property.
FileVersionMinimum BSTR The minimum file version number to match. Format is <major>.<minor>.<build>.<revision> where each element is a number or the '*' wildcard character to match anything.
FileVersionMinimumEnabled VARIANT_BOOL Enables/Disables the use of the FileVersionMinimum property.
VendorName BSTR The Vendor Name to match against. Wildcard characters '*' and '?' are supported to match any substring or single character.
VendorNameEnabled VARIANT_BOOL Enables/Disables the use of the VendorName property.
ProductName BSTR The Product Name to match against. Wildcard characters '*' and '?' are supported to match any substring or single character.
ProductNameEnabled VARIANT_BOOL   Enables/Disables the use of the ProductName property.
CompanyName BSTR The Company Name to match against. Wildcard characters '*' and '?' are supported to match any substring or single character.
CompanyNameEnabled VARIANT_BOOL Enables/Disables the use of the CompanyName property.
FileDescription BSTR The File Description to match against. Wildcard characters '*' and '?' are supported to match any substring or single character.
FileDescriptionEnabled   VARIANT_BOOL Enables/Disables the use of the FileDescription property.

Object: Folder

Property Type Description
Path BSTR Full path to folder.
Description BSTR The folder description.
ApplyAccessTimes VARIANT_BOOL Specify whether access times are to be applied.
AccessTimes AccessTimes Collection of access times to be applied.
TrustedOwnershipChecking VARIANT_BOOL Specify whether the folder is subject to Trusted Ownership checking. Default = True
Recursive VARIANT_BOOL Whether rules are applied to sub-folders. Default = True

Object: GroupRule

Property Type Description
DisplayName BSTR The account name.
SID BSTR The account SID.
Name BSTR The name of the rule.
SecurityLevel SecurityLevel The level of restriction applied to this rule.
Groups ApplicationGroupReferenceDictionary Collection of allowed Application Groups.
AccessibleFiles FileCollection Collection of allowed files.
AccessibleFolders FolderCollection Collection of allowed folders.
AccessibleDrives DriveCollection Collection of allowed drives.
AccessibleSignatures SignatureFileCollection Collection of allowed signatures.
AccessibleNetworkConnections NetworkConnectionCollection Collection of allowed network connections.
ProhibitedApplicationGroups ApplicationGroupReferenceDictionary Collection of denied Application Groups.
ProhibitedFiles FileCollection Collection of denied files.
ProhibitedFolders FolderCollection Collection of denied folders.
ProhibitedDrives DriveCollection Collection of denied drives.
ProhibitedSignatures SignatureFileCollection Collection of denied signatures.
ProhibitedNetworkConnections NetworkConnectionCollection Collection of denied network connections.
TrustedVendors DigitalCertificateCollection Collection of trusted vendors’ digital certificates.
UserRightsRules URMRules Configured settings for User Privileges rules.

Object: MessageSettings

Property Type Description
DisplayInitialWarningMessage  VARIANT_BOOL Determines whether the user should be warned that an application is about to be closed due to its allowed time having expired.
CloseApplication VARIANT_BOOL Determine whether an application with an expired allowed time should be sent a WM_CLOSE to give the user a chance to save work.
TerminateApplication VARIANT_BOOL Determine whether an application with an expired allowed time should be forcefully terminated.
WaitTime LONG The delay period between warning the user, sending a WM_CLOSE and terminating the application. This value is in seconds.
AccessDeniedMessageCaption BSTR The caption for the denied message box.
AccessDeniedMessageBody BSTR The text for the denied message box.
ApplicationLimitsExceededMessageCaption BSTR The caption for the message box that is displayed when an application has reached its application limit.
ApplicationLimitsExceededMessageBody BSTR The text for the message box that is displayed when an application has reached its application limit.
TimeLimitsWarningMessageCaption BSTR The caption for the message box that is displayed when an application has reached the end of its allowed time.
TimeLimitsWarningMessageBody BSTR The text for the message box that is displayed when an application has reached the end of its allowed time.
TimeLimitsDeniedMessageCaption BSTR The caption for the message box that is displayed when an application is denied due to a time restriction.
TimeLimitsDeniedMessageBody BSTR The text for the message box that is displayed when an application is denied due to a time restriction.
SelfAuthorizationMessageCaption BSTR The caption for the message box that is displayed when user authorization is required to run a file.
SelfAuthorizationMessageBody BSTR The text for the message box that is displayed when user authorization is required to run a file.
SelfAuthorizationResponseCaption BSTR The caption for the message box that is displayed when the user has previously self-authorized a file to run.
SelfAuthorizationResponseBody BSTR The text for the message box that is displayed when the user has previously self-authorized a file to run.

Object: NetworkConnection

Property Type Description
Path BSTR Full path to network resource.
Description BSTR The description of the network resource.
Address BSTR The address of the network resource, for example, www.bbc.co.uk.
Resource BSTR The resource path, for example \weather.
Port BSTR The port to which this network connection applies,  if appropriate.
UseWildcards VARIANT_BOOL Specify whether any part of the whole network location contains wildcards.
AddressType NetworkConnectionType The connection type. Default = False
Recursive   VARIANT_BOOL Specify whether child resources are included as part of this connection.

Object: OnDemandConfigChangeSettings

Property Type Description
OnDemandEnabled VARIANT_BOOL Global On/Off for Policy Change Request. Default = False
EmailRequestsEnabled VARIANT_BOOL Enables the Email Request functionality for Policy Change Requests. Default = True.
MailToAddress BSTR Specifies the recipient email address.
EmergencyRequestsEnabled VARIANT_BOOL Enables the Immediate Change Request functionality. Default = True.
HelpDeskPhoneNumber BSTR Specifies the phone number for the Help Desk.
SharedKey BSTR Specifies the salt for use in encryption algorithms. Must use ASCII characters and match the key used by the Help Desk. This is to be used in conjunction with the ConfigurationHelper object. For further information, see Policy Change Request.
RequestMethods OnDemandConfigChangeUserInteractionSetup Configures the request methods.

Object: OnDemandConfigChangeUserInteractionSetup

Property Type Description
AllowLinkFromAMDenied VARIANT_BOOL Enable link through from AMDenied Message. Default = True.
AMDeniedLinkText BSTR Specify the text displayed in the AMDenied Message dialog link.
ShowShellMenu VARIANT_BOOL Enables the right-click context option menu. Default = True.
ShellMenuText BSTR Specify the text displayed in the right-click context menu.
ShowDesktopIcon VARIANT_BOOL Enables the Policy Change Request desktop icon. Default = True.
DesktopIconText   BSTR Specify the text displayed on the Policy Change Request desktop icon.

Object: ProcessRule

Property Type Description
SecurityLevel SecurityLevel The level of restriction applied to this rule.
AccessibleApplicationGroups ApplicationGroupReferenceDictionary Collection of allowed Application Groups.
AccessibleFiles FileCollection Collection of allowed files.
AccessibleFolders FolderCollection Collection of allowed folders.
AccessibleDrives DriveCollection Collection of allowed drives.
AccessibleSignatures SignatureFileCollection Collection of allowed signatures.
AccessibleNetworkConnections NetworkConnectionCollection Collection of allowed network connections.
ProhibitedApplicationGroups ApplicationGroupReferenceDictionary Collection of denied Application Groups.
ProhibitedFiles FileCollection Collection of denied files.
ProhibitedFolders FolderCollection Collection of denied folders.
ProhibitedDrives DriveCollection Collection of denied drives.
ProhibitedSignatures SignatureFileCollection Collection of denied signatures.
ProhibitedNetworkConnections NetworkConnectionCollection Collection of denied network connections.
TrustedVendors DigitalCertificateCollection Collection of trusted vendors’ digital certificates.
UserRightsRules URMRules Configured settings for User Privileges rules.
FileProcessItems FileCollection Collection of processes to which this rule applies.
SignatureProcessItems SignatureProcessItems   Collection of processes to which this rule applies, defined by signature.

Object: ScriptedRule

Property Type Description
EntryFunction BSTR The function that will be executed when the script is launched.
Script BSTR The body of the script.
Context ExecutionContext The context in which the script is executed. Default = PerSessionAsUser.
WaitForLogin VARIANT_BOOL Specify whether the execution of the script will be delayed until the login process is complete. Default = False
Timeout LONG The timeout period a script is given before being terminated.
Name BSTR The name of the rule.
SecurityLevel SecurityLevel The level of restriction applied to this rule.
AccessibleApplicationGroups ApplicationGroupReferenceDictionary Collection of allowed Application Groups.
AccessibleFiles FileCollection Collection of allowed files.
AccessibleFolders FolderCollection Collection of allowed folders.
AccessibleDrives DriveCollection Collection of allowed drives.
AccessibleSignatures SignatureFileCollection Collection of allowed signatures.
AccessibleNetworkConnections NetworkConnectionCollection Collection of allowed network connections.
ProhibitedApplicationGroups ApplicationGroupReferenceDictionary Collection of denied Application Groups.
ProhibitedFiles FileCollection Collection of denied files.
ProhibitedFolders FolderCollection Collection of denied folders.
ProhibitedDrives DriveCollection Collection of denied drives.
ProhibitedSignatures SignatureFileCollection Collection of denied signatures.
ProhibitedNetworkConnections NetworkConnectionCollection Collection of denied network connections.
TrustedVendors DigitalCertificateCollection Collection of trusted vendors’ digital certificates.
UserRightsRules URMRules Configured settings for User Privileges rules.
FileProcessItems FileCollection Collection of processes to which this rule applies.
SignatureProcessItems SignatureProcessItems   Collection of processes to which this rule applies, defined by signature.

Object: SignatureFile

Property Type Description
Path BSTR Full path to the file.
Description BSTR The file description.
Arguments BSTR The command line arguments used for spawning a process.
Sha1Hash BSTR The SHA1 hash of the file.
CommandLine BSTR The full command line (Sha1Hash + Arguments) when a file is run.
Version BSTR The file version information.
ApplyAccessTimes VARIANT_BOOL Specify whether access times are to be applied. Default = False
AccessTimes AccessTimes Collection of access times to be applied.

Object: TimeRange

Property Type Description
StartHour LONG The hour at which the time range starts.
EndHour LONG The hour at which the time range ends.

Object: TrustedOwner

Property Type Description
DisplayName BSTR The account name.
SID BSTR The account SID.
Description BSTR The account description.

Object: URMGroupBehaviour

Property Type Description
DisplayName BSTR The name of the group.
SID BSTR The group's SID.
Action URMGroupAction The action to perform with this group. Default = Add

Object: URMPolicy

Property Type Description
Name BSTR Name of the policy.
Description BSTR A description for the policy.
GroupMembershipActions URMGroupBehaviourDictionary A collection of configured UPM (User Privilege Management) Group Behavior actions.
PrivilegeActions URMPrivilegeDictionary A collection of configured UPM Privilege actions.

Object: URMPrivilege

Property Type Description
Name BSTR Textual description of the privilege.
Privilege URMPrivilegeConstant The privilege being set. Default = SeAssignPrimaryTokenPrivilege
Action URMPrivilegeAction The action to perform on the privilege. Default = NoChange.

Object: URMRuleItem

Property Type Description
KeyPath BSTR The keypath used in collections of URMRuleItems.
Application RuleItem The application for which to apply the User Rights setting. Can be of type File, Folder, Signature File or Application Group.
ApplyToChildren VARIANT_BOOL Setting to specify whether the user rights setting should be applied to any child processes. Default = False.

Object: URMRuleItemPolicy

Property Type Description
KeyPath BSTR The keypath used in collections of URMRuleItems.
Application RuleItem The application to which to apply the User Rights policy. Can be of type File, Folder, Signature File or Application Group.
ApplyToChildren VARIANT_BOOL Setting to specify whether the user rights policy should be applied to any child processes. Default = False.
Policy URMPolicyReference The URM Policy to apply to the application.

Object: URMRules

Property Type Description
URMFiles URMRuleItemPolicyDictionary Collection of files and User Privileges Management (UPM) policies to apply to them.
URMSignatures URMRuleItemPolicyDictionary Collection of signature files and UPM policies to apply to them.
URMFolders URMRuleItemPolicyDictionary Collection of folders and UPM policies to apply to them.
URMApplicationGroups URMRuleItemPolicyDictionary Collection of Application Groups and UPM policies to apply to them.

Object: UserRule

Property Type Description
DisplayName BSTR The account name.
SID BSTR The account SID.
Name BSTR The name of the rule.
SecurityLevel SecurityLevel The level of restriction applied to this rule.
AccessibleApplicationGroups ApplicationGroupReferenceDictionary Collection of allowed Application Groups.
AccessibleFiles FileCollection Collection of allowed files.
AccessibleFolders FolderCollection Collection of allowed folders.
AccessibleDrives DriveCollection Collection of allowed drives.
AccessibleSignatures SignatureFileCollection Collection of allowed signatures.
AccessibleNetworkConnections NetworkConnectionCollection Collection of allowed network connections.
ProhibitedApplicationGroups ApplicationGroupReferenceDictionary Collection of denied Application Groups.
ProhibitedFiles FileCollection Collection of denied files.
ProhibitedFolders FolderCollection Collection of denied folders.
ProhibitedDrives DriveCollection Collection of denied drives.
ProhibitedSignatures SignatureFileCollection Collection of denied signatures.
ProhibitedNetworkConnections NetworkConnectionCollection Collection of denied network connections.
TrustedVendors DigitalCertificateCollection Collection of trusted vendors’ digital certificates.
UserRightsRules URMRules Configured settings for User Privileges rules.

Enumerations

Name: DeviceType

Computer = 0

ConnectingDevice = 1

Name: ExecutionContext

PerSessionAsUser = 0

PerSessionAsSystem = 1

PerComputerAsSystem = 2

Name: FileExtensionFilteringScope

Exclude = 0

Include = 1

Name: HostNameType

HostName = 0

IPAddress = 1

Name: NetworkConnectionType

HostAddress = 0

IPAddress = 1

UNCPath = 2

Name: ScriptingLanguage

VBScript = 0

PowerShell = 1

Name: SecurityLevel

Restricted = 0

SelfAuthorizing = 1

Unrestricted = 2

AuditOnly = 3

