Working with Standard File Definitions

You can use Standard File Definitions (SFD) to simplify the task of building a central file authorization list.

Standard File Definitions (SFDs) contain digital signatures corresponding to standard executable files that are distributed with Microsoft Windows operating systems.

Using SFDs:

  • Simplifies initial setup.
  • Includes information necessary to automatically allocate files to predefined file groups and assign files to well-known user and user groups.
  • Minimizes the risk of authorizing tampered versions of operating system files.
  • Simplifies operating system upgrades because Ivanti Device and Application Control recognizes the standard files, and respective default file groups. Ivanti Device and Application Control automatically saves upgraded file definitions to the same locations as the originals.

The following table describes the system users/groups that can access the default SFD file groups.

File Group Name Users/Groups Assigned
16 Bit Applications Administrators (group)
Accessories Administrators (group), Everyone (group)
Administrative Tools Administrators (group)
Boot files Local Service (user), LocalSystem (user), Network Service (user)
Communication Administrators (group)
Control Panel Administrators (group)
DOS Applications Administrators (group)
Entertainment Administrators (group)
Logon files Everyone (group)
Ivanti Device and Application Control support files Administrators (group), Everyone (group)
Setup Administrators (group)
Windows Common Everyone (group)
  • Importing Standard File Definitions
    You can use standard Microsoft file definitions to quickly build a central file authorization list for executable files, macros, and scripts.

Related Information: