Application Control powered by AppSense

Ivanti Application Control is the new name for AppSense Application Manager

Sample Script: Create UPM Policies

The following VB script creates a user privileges management policy:

'URM Group Action options

const AM_URMGroupAction_Add = 0

const AM_URMGroupAction_Drop = 1

'URM Privileges

const AM_URMPrivilegeConstant_SeAssignPrimaryTokenPrivilege = 0

const AM_URMPrivilegeConstant_SeAuditPrivilege = 1

const AM_URMPrivilegeConstant_SeBackupPrivilege = 2

const AM_URMPrivilegeConstant_SeChangeNotifyPrivilege = 3

const AM_URMPrivilegeConstant_SeCreateGlobalPrivilege = 4

const AM_URMPrivilegeConstant_SeCreatePagefilePrivilege = 5

const AM_URMPrivilegeConstant_SeCreatePermanentPrivilege = 6

const AM_URMPrivilegeConstant_SeCreateSymbolicLinkPrivilege = 7

const AM_URMPrivilegeConstant_SeCreateTokenPrivilege = 8

const AM_URMPrivilegeConstant_SeDebugPrivilege = 9

const AM_URMPrivilegeConstant_SeEnableDelegationPrivilege = 10

const AM_URMPrivilegeConstant_SeImpersonatePrivilege = 11

const AM_URMPrivilegeConstant_SeIncreaseBasePriorityPrivilege = 12

const AM_URMPrivilegeConstant_SeIncreaseQuotaPrivilege = 13

const AM_URMPrivilegeConstant_SeIncreaseWorkingSetPrivilege = 14

const AM_URMPrivilegeConstant_SeLoadDriverPrivilege = 15

const AM_URMPrivilegeConstant_SeLockMemoryPrivilege = 16

const AM_URMPrivilegeConstant_SeMachineAccountPrivilege = 17

const AM_URMPrivilegeConstant_SeManageVolumePrivilege = 18

const AM_URMPrivilegeConstant_SeProfileSingleProcessPrivilege = 19

const AM_URMPrivilegeConstant_SeRelabelPrivilege = 20

const AM_URMPrivilegeConstant_SeRemoteShutdownPrivilege = 21

const AM_URMPrivilegeConstant_SeRestorePrivilege = 22

const AM_URMPrivilegeConstant_SeSecurityPrivilege = 23

const AM_URMPrivilegeConstant_SeShutdownPrivilege = 24

const AM_URMPrivilegeConstant_SeSyncAgentPrivilege = 25

const AM_URMPrivilegeConstant_SeSystemEnvironmentPrivilege = 26

const AM_URMPrivilegeConstant_SeSystemProfilePrivilege = 27

const AM_URMPrivilegeConstant_SeSystemtimePrivilege = 28

const AM_URMPrivilegeConstant_SeTakeOwnershipPrivilege = 29

const AM_URMPrivilegeConstant_SeTcbPrivilege = 30

const AM_URMPrivilegeConstant_SeTimeZonePrivilege = 31

const AM_URMPrivilegeConstant_SeTrustedCredManAccessPrivilege = 32

const AM_URMPrivilegeConstant_SeUndockPrivilege = 33

const AM_URMPrivilegeConstant_SeUnsolicitedInputPrivilege = 34

'URM Privilege actions

const AM_URMPrivilegeAction_NoChange = 0

const AM_URMPrivilegeAction_Enable = 1

const AM_URMPrivilegeAction_Disable = 2

const AM_URMPrivilegeAction_Remove = 3

'Create the configuration

Dim Configuration

Set Configuration = CreateObject("AM.Configuration.5")

'Create the configuration helper

Dim ConfigurationHelper

Set ConfigurationHelper = CreateObject("AM.ConfigurationHelper.1")

'Load the live configuration

Dim ConfigurationXml

ConfigurationXml = ConfigurationHelper.LoadLiveConfiguration

Configuration.ParseXML ConfigurationXml

'create a new URMPolicy

Dim URMPolicy

Set URMPolicy = Configuration.CreateInstanceFromClassName("AM.URMPolicy")

URMPolicy.Name = "Add Administrator"

Configuration.URMPolicies.Add URMPolicy.Xml

'Add a Group Behaviour Action

Dim URMBehaviour

Set URMBehaviour = Configuration.CreateInstanceFromClassName("AM.URMGroupBehaviour")

URMBehaviour.DisplayName = "BUILTIN\Administrators"

URMBehaviour.SID = "S-1-5-Domain-544"

URMBehaviour.Action = AM_URMGroupAction_Add

Configuration.URMPolicies("Add Administrator").GroupMembershipActions.Add

URMBehaviour.Xml

'Set up the privilege actions

Dim PrivilegeAction

Set PrivilegeAction = Configuration.CreateInstanceFromClassName("AM.URMPrivilege")

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeAssignPrimaryTokenPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeAssignPrimaryTokenPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeAuditPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeAuditPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeBackupPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeBackupPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeChangeNotifyPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeChangeNotifyPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeCreateGlobalPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeCreateGlobalPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeCreatePagefilePrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeCreatePagefilePrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeCreatePermanentPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeCreatePermanentPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeCreateSymbolicLinkPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeCreateSymbolicLinkPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeCreateTokenPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeCreateTokenPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeDebugPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeDebugPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeEnableDelegationPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeEnableDelegationPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeImpersonatePrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeImpersonatePrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeIncreaseBasePriorityPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeIncreaseBasePriorityPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeIncreaseQuotaPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeIncreaseQuotaPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeIncreaseWorkingSetPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeIncreaseWorkingSetPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeLoadDriverPrivilege

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeLoadDriverPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeLockMemoryPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeLockMemoryPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeMachineAccountPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeMachineAccountPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeManageVolumePrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeManageVolumePrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeProfileSingleProcessPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeProfileSingleProcessPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeRelabelPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeRelabelPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeRemoteShutdownPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeRemoteShutdownPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeRestorePrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeRestorePrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeSecurityPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeSecurityPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeShutdownPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeShutdownPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeSyncAgentPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeSyncAgentPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeSystemEnvironmentPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeSystemEnvironmentPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeSystemProfilePrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeSystemProfilePrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeSystemtimePrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeSystemtimePrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeTakeOwnershipPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeTakeOwnershipPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeTcbPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeTcbPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeTimeZonePrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeTimeZonePrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeTrustedCredManAccessPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeTrustedCredManAccessPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeUndockPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeUndockPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeUnsolicitedInputPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeUnsolicitedInputPrivilege

Configuration.URMPolicies("Add Administrator").PrivilegeActions.Add

PrivilegeAction.Xml

'Save the live configuration

ConfigurationHelper.SaveLiveConfiguration Configuration.Xml

Set ConfigurationHelper = Nothing

Set Configuration = Nothing

Related topics


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other