User/Group tab

The User/Group tab shows the user and user group default options that govern how clients interact with the Application Server.

The following table describes the User/Group tab default options and setting values.

Option

Value

Description

Execution Blocking

Blocking mode

Prohibits user access to unauthorized files. Local authorization is permitted only for the Administrators and LocalSystem account. This is the default value.

Non-blocking mode

Allows user access to files that are not centrally authorized. Non-blocking mode applies only to executable files.

Ask user for *.exe only

Prompts the user to locally authorize an *.exe file when a digital signature is not found in the database. The user is not prompted to authorize subsequent DLLs, scripts, or other executable files which the authorized executable file accesses.

Ask user always

Prompts the user to locally authorize the primary executable and control the loading of each additional module or ActiveX when a digital signature is not found in the database.

Execution Eventlog

No events logged

Does not create a Windows Event Log entry when a file access is denied. This is the default value.

Access-denied logged

Creates a Windows Event Log entry when file access is denied.

Denied and non-blocked access

Creates a Windows Event Log entry when a user requests access to an unauthorized file.

Execution Log

Log everything

Creates a client log entry for every executable file access event.

Log access denied

Creates a client log entry for every denied executable file access event. This is the default value.

Logging disabled

Does not creates client log entries.

Log Denied and Unmanaged Execution

Creates client log entries for every denied executable file access event and script access requests from unauthorized users.

Execution Notification

No notifications

Does not notify the user of file execution actions. This is the default value.

Access-denied

Notifies the user when execution is denied.

Denied and non-blocked access

Notifies the user when the system is in non-blocking mode or in blocking mode and file access is denied.

Macro and Script protection

Disabled

No script or macro protection is applied. All VBScripts, JScripts, and macros can run. This is the default value.

Ask User

Only centrally and locally authorized VBScripts, JScript, or macros are automatically accessible. Ivanti Device and Application Control allows the local user the option to determine whether to access the unauthorized files.

Deny All

Only centrally and locally authorized VBScripts, JScript, or macros are accessible.

Macro and Script log

Log everything

Creates a client log entry for every macro and script execution access event.

Log access denied

Creates a client log entry for every denied macro and script execution access event. This is the default value.

Logging disabled

Does not create client log entries.

Log non whitelisted execution

Creates client log entries for any file execution which executes that is not centrally authorized.

Relaxed logon

No relaxed logon

No delay time before blocking is activated. This is the default value.

Relaxed logon active

A delay time occurs before blocking is activated.

Relaxed logon time

600 (Default)

Time delay, shown in seconds, after logon during which the client operates in non-blocking mode. The relaxed logon time option only applies to executable files.

Related Information: