User/Group tab
The User/Group tab shows the user and user group default options that govern how clients interact with the Application Server.
The following table describes the User/Group tab default options and setting values.
|
Option |
Value |
Description |
|---|---|---|
|
Execution Blocking |
Blocking mode |
Prohibits user access to unauthorized files. Local authorization is permitted only for the Administrators and LocalSystem account. This is the default value. |
|
Non-blocking mode |
Allows user access to files that are not centrally authorized. Non-blocking mode applies only to executable files. |
|
|
Ask user for *.exe only |
Prompts the user to locally authorize an *.exe file when a digital signature is not found in the database. The user is not prompted to authorize subsequent DLLs, scripts, or other executable files which the authorized executable file accesses. |
|
|
Ask user always |
Prompts the user to locally authorize the primary executable and control the loading of each additional module or ActiveX when a digital signature is not found in the database. |
|
|
Execution Eventlog |
No events logged |
Does not create a Windows Event Log entry when a file access is denied. This is the default value. |
|
Access-denied logged |
Creates a Windows Event Log entry when file access is denied. |
|
|
Denied and non-blocked access |
Creates a Windows Event Log entry when a user requests access to an unauthorized file. |
|
|
Execution Log |
Log everything |
Creates a client log entry for every executable file access event. |
|
Log access denied |
Creates a client log entry for every denied executable file access event. This is the default value. |
|
|
Logging disabled |
Does not creates client log entries. |
|
|
Log Denied and Unmanaged Execution |
Creates client log entries for every denied executable file access event and script access requests from unauthorized users. |
|
|
Execution Notification |
No notifications |
Does not notify the user of file execution actions. This is the default value. |
|
Access-denied |
Notifies the user when execution is denied. |
|
|
Denied and non-blocked access |
Notifies the user when the system is in non-blocking mode or in blocking mode and file access is denied. |
|
|
Macro and Script protection (Internet Explorer only) |
Disabled |
No script or macro protection is applied. All VBScripts, JScripts, and macros can run. This is the default value. |
|
Ask User |
Only centrally and locally authorized VBScripts, JScript, or macros are automatically accessible. Ivanti Device and Application Control allows the local user the option to determine whether to access the unauthorized files. |
|
|
Deny All |
Only centrally and locally authorized VBScripts, JScript, or macros are accessible. |
|
|
Macro and Script log (Internet Explorer only) |
Log everything |
Creates a client log entry for every macro and script execution access event. |
|
Log access denied |
Creates a client log entry for every denied macro and script execution access event. This is the default value. |
|
|
Logging disabled |
Does not create client log entries. |
|
|
Log non whitelisted execution |
Creates client log entries for any file execution which executes that is not centrally authorized. |
|
|
Relaxed logon |
No relaxed logon |
No delay time before blocking is activated. This is the default value. |
|
Relaxed logon active |
A delay time occurs before blocking is activated. |
|
|
Relaxed logon time |
600 (Default) |
Time delay, shown in seconds, after logon during which the client operates in non-blocking mode. The relaxed logon time option only applies to executable files. |
The Macro and Script protection and Macro and Script log options work only with Microsoft Internet Explorer.