Manage Administrator Rights
Initially, you can manage administrator rights allocated in the Active Directory (AD) to delegate roles and responsibilities using the Microsoft® Windows® Visual Basic® script provided with the Ivanti Device and Application Control installation software.
- Install the Windows® Script Host (WSH) interpreter. See Windows Script Host Basics (https://docs.microsoft.com/en-us/previous-versions//ec0wcxh3(v=vs.85)) for additional information about the Windows Script Host.
- Schedule domain synchronization.
When ctrlacx.vbs runs, the script creates a special entry named Manage Ivanti Device and Application Control Settings in the permissions list of the AD organizational unit. This entry affects only Device Control administrators and the devices whose permissions they control. If you assign this setting to a specific user who is also an Administrator defined using the User Access Manager dialog in the Management Console, that Administrator can manage, directly from the Management Console, only the designated users, user groups, and computers that the Administrator has assigned rights for. Administrator access rights are described in Defining User Access in the Ivanti Device Control User Guide or Ivanti Application Control User Guide.
- Select Start > Run.
- Type: cscript ctrlacx.vbs [parameter from following list] > filename.txt
- Add any of the following optional parameters, individually or in combination, to the command line:
- Click OK.
| Parameter | Description |
|---|---|
| - | Shows a brief description for each available parameter. |
| -e | Lists all access control rights, with condensed output. |
| -v | Lists all access control rights, with detailed output. |
| -q cn | Shows control rights by canonical name. |
| -s | Shows Manage Ivanti Device and Application Control Settings rights. |
| -create | Creates or updates Manage Ivanti Device and Application Control Settings rights. |
| -delete | Deletes Manage Ivanti Device and Application Control Settings rights. |
The delegation rights you create can be assigned to Active Directory organizational units (OUs).
To list all control access rights in condensed mode and redirect the output to the file MyFile.txt, type:
cscript ctrlacx.vbs -e > MyFile.txt
To show the Manage Ivanti Device and Application Control Settings rights interactively, type:
After Completing This Task
You can assign the delegation rights by using the Windows Management Services and MMC when you run the script with the -create parameter. See Windows Management Services and MMC (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb742441(v=technet.10)) for additional information about assigning delegation rights.
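Once delegation rights have been assigned, it is worth reviewing which accounts actually hold them on each OU. The following PowerShell is an added example, not part of the Ivanti installation software. It assumes the RSAT ActiveDirectory module is available and that the right is registered as a control access right whose display name matches the entry name given above; the function name Get-DelegatedRightHolder is hypothetical.

```powershell
# Added example: report which principals hold the delegated right on each OU.
# Requires the RSAT ActiveDirectory module and read access to the directory.
Import-Module ActiveDirectory

function Get-DelegatedRightHolder {
    param(
        # Assumption: the right's displayName equals the entry name given on this page.
        [string]$RightName = 'Manage Ivanti Device and Application Control Settings'
    )

    # Control access rights are stored under CN=Extended-Rights in the configuration partition.
    $config = (Get-ADRootDSE).configurationNamingContext
    $rights = @(Get-ADObject -SearchBase "CN=Extended-Rights,$config" `
        -LDAPFilter "(&(objectClass=controlAccessRight)(displayName=$RightName))" `
        -Properties rightsGuid)
    if ($rights.Count -eq 0) {
        throw "No control access right with display name '$RightName' was found."
    }
    $guids = @($rights | ForEach-Object { [guid]$_.rightsGuid })
    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

    foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
        $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"
        foreach ($ace in $acl.Access) {
            # Keep only ACEs that allow or deny this specific extended right.
            if (($ace.ActiveDirectoryRights -band $extended) -and
                ($guids -contains $ace.ObjectType)) {
                [pscustomobject]@{
                    OU        = $ou.DistinguishedName
                    Principal = $ace.IdentityReference.Value
                    Type      = $ace.AccessControlType
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Get-DelegatedRightHolder | Sort-Object OU, Principal | Format-Table -AutoSize
```

Entries granting all extended rights or full control on an OU also confer this right and are not listed by this filter, so review those separately.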