Recommended Security Rules

Ivanti recommends that you define certain administrative security rules before installing Ivanti Device and Application Control.

The recommended security settings are specific to Microsoft^® Windows^® and complement operation of Ivanti Device and Application Control.

Security Rule	Description
Hard Disk Encryption	Encrypts computer disk drives to prevent unauthorized user access to the computer hard disk drive.
Password Protect the BIOS	Prevents administrative user access when using a CMOS reset jumper, in combination with password protection for the BIOS and seal/chassis intrusion protection.
Seal/Chassis Intrusion Protector	Uses seal and/or chassis intrusion protection hardware to prevent administrative user access using an external boot device to bypass workstation security software.
Administrative Rights	Remove local users from the local Administrators group to prevent unrestricted local user computer access.
Power Users	Remove local users from the Power Users group to prevent users from tampering or bypassing standard Windows security policies.
Access Policy	Restrict network and file access as much as possible, including use restriction only to NTFS partitions.
NTFS Partition	Use of NTFS partitioning is required for installation of Ivanti Device and Application Control product solutions.
Recovery Console	Password protect user access to the Recovery Console, which is available for the Windows DVD/CD-ROM or MSDN subscription.
Service Pack and Hot Fixes	Always install the latest service packs and hot fixes for the operating system supported by Ivanti Device and Application Control product solutions.
Firewalls	Use traditional perimeter-based security systems, like firewalls, to complement Ivanti Device and Application Control product solutions.
Password Policies	Maintain strong password security policies.
Private and Public Key Generation	Deploy Ivanti Device and Application Control product solutions using secure public and private key pairs.