Group Management
The Group Management library allows you to compile reusable groups of files, folders, drives, signatures, network connections, and URL redirects that can be associated with rules in the configuration. For example, use groups to manage licenses for a suite of software or common sets of applications for certain user groups.
Use groups to manage long lists of related items for an application, for example, files, folders, drives, signatures, Windows Store apps, redirected URLs, and network items. Add the groups to rules to allow or restrict access. Groups include any combination of these items. For example, group a number of items for one particular application and then add the group to the Allowed or Denied Lists.
If the Group Name is amended, it automatically updates in any rule where the group is applied.
In this section:
- Create a Group
- Add Items to Groups
- Add Groups to Rule Items
- Remove Groups from Rule Items
- Delete Groups
- Capture Signatures within Groups
Create a Group
Two groups cannot have the same name. Naming two groups the same will display an error message informing that a group with the same name exists. You cannot save the group until you specify a unique name.
Renaming a group reflects in all rules that use that group.
- Navigate to the Group Management node.
- Select Add Group on the Groups ribbon.
- A new group with the default name "New Group" appears in the Group Management node.
- To rename the group, double-click it to make the name editable, and enter a new meaningful name such, for example, Microsoft Applications.
All nodes require a unique name.
-
To sort the groups, right-click the Group Management node and select Sort Ascending or Sort Descending.
Sort order persists between console restarts.
Add Items to a Group
Any combination of Files, Folders, Drives, Signature Files, Windows Store Apps and Network Connections can be added to a group. For example, all items that belong to a single application.
-
Navigate to the Group Management node, and select a group you want to add items to.
-
Select the Add Item drop-down arrow on the Groups ribbon.
- Do one or more of the foolowing:
- To add a file, select Add > File
- To add a folder, select Add > Folder
- To add a drive, select Add > Drive
- To add a signature file, select Add > Signature File
- To Add a Network Connection item, select Add > Network Connection Item
- To add a Windows Store App, select Add > Windows Store App
To populate a group, you can also do the following:
-
Right-click a group and select Add Items.
-
Add multiple files at once.
-
Drag and drop items from Internet Explorer.
Dragging and dropping files also includes any dependencies.
-
Cut, copy, and paste between groups.
Disable an item in a group
To avoid deleting and re-adding an item to a group, toggle its state.
-
Select the item in the group, and right-click.
-
Select Change State > Disable/Enable.
Organize Groups
Application Control uses folders and references to organize and streamline your groups.
Organize groups using group folders
Group folders function as a visual representation but do not affect reference relationships.
-
Navigate to the Group Management node, and select Add Group Folder on the Groups ribbon.
-
Name the folder and provide a description (optional).
All nodes must have a unique name.
-
Add subfolders by selecting the parent folder in the Group Management node and selecting Add Group Folder on the Groups ribbon.
-
Drag and drop groups from the Group Management workspace into the desired folder in the Group Management node.
A group can only be placed in one folder. Add group references to reuse a group.
Add references to other groups
References allow you to reuse groups to avoid manually adding the same items to every group. For example, you can create a group of .dll files that is then referenced by every group that uses those files.
Reference relationships are not visible in the Group Management node. You can view a group's references by selecting that group node or within any rule where the group is used.
-
Navigate to the Group Management node, and select the group you want to add references to.
-
In the Group selection dialog, select the groups you want to refer to.
Application Control prevents the creation of circular references.
-
Select OK.
Add Groups to a Rule Item
Groups can contain multiple items, for example, all the Files, Folders, Drives, Signatures, Windows Store Apps and Network items for a single application.
You can add groups to the Allowed Items, Denied Items, and User Privileges rule items, eliminating the need to add items individually to the lists. When adding a group to a rule item, Application Control implicitly includes all referenced groups.
-
Select either an Allowed Items, Denied Items, User Privileges rule item.
The rule item work area displays. - Click Add Item, and then select the menu path to add a group as follows:
To add a group of Allowed Items, select Allowed > Group
- To add a group of Denied Items, select Denied > Group
To add a User Privileges Item, select either Application > Group or Self-Elevation > Group
The group selection dialog displays.
- Select the group you want to add and click OK.
Remove Groups from a Rule Item
You can remove a group from a rule. All items within the group are also removed from the rule item. The group is not deleted and still remains under the Group Management node.
-
Select the Allowed Items, Denied Items, or Privilege Management rule item within the rule that contains the group you want to remove.
-
Select the group you want to remove and select Remove Item in the Rule Items ribbon.
The Remove Items dialog box displays. - Click Yes.
The group is removed.
Delete a Group
You can delete a group. When a group is deleted all items within the group are also deleted. If you try to delete a group that is currently used by a rule, a dialog displays that tells you where the rule where the rule is used. Remove the group from the rule before you delete the group. A message is displayed when the group contains items such as File, Folder, Drive, Signatures, Windows Store Apps, and Network Items.
- Select the group you want to delete.
- Select Remove Group on the Groups ribbon.
-
One of the following occurs:
-
The Confirm Removal dialog displays. Click Yes. The group and the items it contains are deleted.
-
The Group in use dialog displays providing the location of the rules that reference the group. Click OK and remove the group form the rule. Select Remove Group on the Groups ribbon, and click OK in the Confirm Removal dialog.
-
Capture Signatures in a Group
Use the Signature Wizard to capture multiple signature files.
- Select the group that you want to add signatures to.
-
Select Launch Signature Wizard on the Groups ribbon.
The Signature Wizard displays.
-
Click Next
The Search method window displays. - Do one of the following:
- To search for files in a particular folder, go to Step 5. If you wish to examine a specific process, make sure you have launched the relevant application before proceeding.
- To examine files used by one of the processes running on the computer, go to Step 10.
- Select Search Folders and click Next.
The Searching Folders window displays. -
Browse to and select the folder you wish to search and click OK.
-
Select the Include subfolders option as required and click Next to begin the search.
The Review Files window displays. -
Review the files and click Next to capture the signatures.
The Signature Generation window displays -
Go to Step 14.
-
Select Examine a running process.
-
Click Next.
The Examine a running process window displays showing all the running processes. -
Select the process to examine and click Next.
The Review Files window displays -
Review the files and click Next to capture the signatures.
-
Allow the generation to complete then click Next and Finish.