Local Authorization

Local authorization allows users to locally authorize executable files, scripts, and macros that are not in the central authorization list. Then, the user can then use the software locally, providing users with the flexibility to run specific software applications without first requesting central authorization. You should limit use of this feature to avoid compromising the central network protection policy provided by Application Control.

Prerequisites

  • Using Tools > Default Options, verify that:
    • On the Computer tab, the Local Authorization default option is Enabled.

      Tip: You can also use this option to disable local authorization on all computers.

    • On the User/User Group tab, Execution Blocking default option is set to: Ask user for *.exe only, for the Blocking mode. The user is prompted to authorize the executable only. After the executable file is authorized, any DLLs or other executable files used by the authorized file will automatically be authorized.

      Tip: You may type a customized user notification message in the Notification Text field, such as Do you want to authorize this file locally?

  • On the User Explorer module File Groups by User tab, the users and user groups permitted to use local authorization are listed.
  1. Log in to an Ivanti Device and Application Control client computer using a locally authorized user or user group account.
  2. Select an executable file, script, or macro to run that is not centrally authorized.
    The Ivanti Device and Application Control- Unauthorized Application Detected dialog shows detailed information about the application that is about to run.
  3. Select one of the following options:

    4. Option

    Description

    Deny

    Denies local authorization of the specific executable file, script, or macro. The user is notified the next time an attempt is made to run the software application.

    Deny All

    Denies local authorization of all executable file, scripts, and macros.

    Authorize

    Authorizes the program locally only for that specific computer.

A progress bar appears at the bottom of the dialog. The Ivanti Device and Application Control- Unauthorized Application Detected dialog closes and the authorized application runs or is denied, based on the option selected.

The file is automatically denied and the dialog closes, if you do not respond within the time-out period.