Working with Standard File Definitions
You can use Standard File Definitions (SFD) to simplify the task of building a central file authorization list.
Standard File Definitions (SFDs) contain digital signatures corresponding to standard executable files that are distributed with Microsoft Windows operating systems.
- Simplifies initial setup.
- Includes information necessary to automatically allocate files to predefined file groups and assign files to well-known user and user groups.
- Minimizes the risk of authorizing tampered versions of operating system files.
- Simplifies operating system upgrades because Ivanti Device and Application Control recognizes the standard files, and respective default file groups. Ivanti Device and Application Control automatically saves upgraded file definitions to the same locations as the originals.
The following table describes the system users/groups that can access the default SFD file groups.
|File Group Name||Users/Groups Assigned|
|16 Bit Applications||Administrators (group)|
|Accessories||Administrators (group), Everyone (group)|
|Administrative Tools||Administrators (group)|
|Boot files||Local Service (user), LocalSystem (user), Network Service (user)|
|Control Panel||Administrators (group)|
|DOS Applications||Administrators (group)|
|Logon files||Everyone (group)|
|Ivanti Device and Application Control support files||Administrators (group), Everyone (group)|
|Windows Common||Everyone (group)|
- Importing Standard File Definitions
You can use standard Microsoft file definitions to quickly build a central file authorization list for executable files, macros, and scripts.