Manage Administrator Rights

Initially, you can manage administrator rights allocated in the Active Directory (AD) to delegate roles and responsibilities using the Microsoft® Windows® Visual Basic® script provided with the Ivanti Device and Application Control installation software.

Prerequisites

  • Install the Windows® Script Host (WSH) interpreter. See Windows Script Host Basics on the Microsoft documents site for additional information about the Windows Script Host.
  • Schedule domain synchronization.

When ctrlacx.vbs runs, the script creates a special entry in the permissions list of the AD organization unit named Manage Ivanti Device and Application Control Settings. This entry only affects Device Control administrators and the devices they control permissions for. If you assign this setting to a specific user, who is also an Administrator defined using the User Access Manager dialog in the Management Console, this Administrator can only manage, directly from the Management Console, the designated users, user groups, and computers that the Administrator has assigned rights for. Administrator access rights are described in Defining User Access.

  1. Select Start > Run.
  2. Type: cscript ctrlacx.vbs [parameter from following list]>filename.txt
  3. Add any of the following optional parameters, individually or in combination, to the parameters list command line:
  4. Parameter

    Description

    -

    Shows a brief description for each available parameter.

    -e

    Lists all access control rights, with condensed output.

    -v

    Lists all access control rights, with detailed output.

    -q cn

    Shows control rights by canonical name.

    -s

    Shows Manage Ivanti Device and Application Control Settings rights.

    -create

    Creates or updates Manage Ivanti Device and Application Control Settings rights.

    -delete

    Deletes Manage Ivanti Device and Application Control Settings rights.

  5. Click OK.

The delegation rights you create can be assigned to Active Directory organizational units (OUs).

Example

To list all control access rights in condensed mode redirecting the output to MyFile.txt file, type:

cscript ctrlacx.vbs –e > MyFile.txt

To show the Manage Ivanti Device and Application Control Settings rights interactively, type:

ctrlacx.vbs -s

After Completing This Task

You can assign the delegation rights by using the Windows Management Services and MMC when you run the script with -create parameter. See Windows Management Services and MMC on the Microsoft documents site for additional information about assigning delegation rights.

Related Information

Related Tasks