Application Control

Home 

This page refers to an older version of the product.
View the current version of the online Help.

User Privilege Management Use Cases

User privileges management has many use cases and solves problems that many enterprises have until now been unable to address. A small number of scenarios are given below:

  • Organizations that use local administrator accounts for theirs users may need to lock down elements of the desktop, such as the Control Panel component, Add Hardware or Add and Remove Programs \ Programs and Features. By dynamically dropping the user account from administrator to a standard user for specific controls, the user is now prohibited from accessing the control and executing an unwanted task.
  • Some applications require administrator rights because the application itself interacts with certain parts of the desktop operating system or registry. However, the organization does not wish to provide users with full administrator accounts. User privileges management can elevate the user rights for the named application to an administrator level, enabling the user to run their application while protecting the desktop.
  • Automatic update elements of some applications can require administrator rights to perform the update actions and therefore not function in the context of a standard user. User privileges managements can enable the named application to run under the context of an administrator account while all other applications remain in standard user context.
  • Mobile users may need to manually change their IP address, configure a wireless network, or change date and time properties, all of which require administrative rights.
  • User privileges management can elevate the user rights to administrator level for named tasks, enabling the user to make the changes they require.

Elevate User Privileges for Running Applications

Users often require administrative rights to perform their role. User Privilege Management allows you to elevate a user so that they have administrative rights for specified applications. To elevate user privileges, you must first create a policy and then apply this to a rule.

Example: Allow Users to Run Visual Studio and Debug Applications

Users often require administrative privileges to run, for example, Visual Studio, and to debug applications. Use user privilege management to elevate administrative rights for the specified applications.

To elevate user privileges, you need to first create one or more reusable policies and apply these to a rule.

Elevate User Privileges for Running Control Panel Components

Many roaming users need to do various tasks that need to be run as an administrator, for example:

  • To install printers
  • To change network and firewall settings
  • To change the time and date
  • To add and remove programs.

All of these tasks require components to run as administrator.

Use user privilege management to elevate privileges for individual components so that the non-administrative standard user can make the changes to perform their role.

Elevate privileges for a Component

  1. Select the User Privileges node beneath the applicable Rules node, for example, the Group > Everyone node.
  2. On the Privilege Management ribbon select Add Item > Add Component.

    The Select Components dialog displays.

  3. Select one or more components that you want to elevate, and click OK.

    Use the filter at the top of the Select Components dialog to filter components by operating system.

    The component is now listed on the Components tab in the policy work area.

  4. Ensure the Builtin Elevate policy is selected in the User Privilege Policy column.
  5. Save the configuration.

Reduce Privileges to Restrict Application Privileges

Running applications as an administrator enables a user to change many undesirable settings, install applications, and potentially open up the desktop to the Internet. Use user privilege management to restrict an administrator level user to running, for example, Internet Explorer in a standard user mode, thus safe-guarding the desktop.

To elevate user privileges, you need to first create a policy and then apply this to a rule.

Reduce User Privileges for Running Components

Use user privilege management to reduce privileges for individual components so that the non-administrative standard user cannot make certain changes.

Reduce Privileges for a Component

  1. Select the User Privileges node beneath the applicable Rules node, for example, the Group > Everyone node.
  2. On the Privilege Management ribbon select Add Item > AddComponent.

    The Select Components dialog displays.

  3. Select one or more components that you want to reduce privileges for, and click OK.

    Use the filter at the top of the Select Components dialog to filter components by operating system.

    The selected component now displays on the Components tab in the work area.

  4. Select the drop-down arrow in the User Privileges Policy column and select the Builtin Restrict policy.
  5. Save the configuration.

This page refers to an older version of the product.
View the current version of the online Help.