Rule Sets

Overview

A Rule Set is used to group rule items. The following types of rule sets are available in the Application Control configuration:

For more details on Rule Set Validation visit the Rule Sets section in the main Ivanti Security Controls Help.

Try it yourself

In this example we will deny access to Office applications for everyone. Then we'll create a new group; Office Apps who will be given access to a specific Office applications; Onenote and Outlook.

Step 1

Deny access to Office applications for the Everyone group.

  1. Navigate to Rule Sets > Group > Everyone > Executable Control.
  2. To restrict access to an item, select the Denied tab.
  3. Right-Click in the work area and select File.
  4. In the File field enter Excel.exe and click Add, repeat this for Onenote.exe, Outlook.exe, Powerpoint.exe and Winword.exe.
  5. All the items will appear in the Denied Items list.
  6. The Restricted radio button is selected (enforcing Executable Control) for the rule.

    Excel.exe, Onenote.exe, Outlook.exe, Powerpoint.exe and Winword.exe are denied

Step 2

Create a new Group Rule Set and Allow specific Office apps

  1. Navigate to Rule Sets > Group.
  2. Right-click and select Add Group Rule Set.
  3. Enter the name of the group, for example Office Apps.
  4. To allow access to specific Office apps, select the Allowed tab.
  5. Right-Click in the work area and select File.
  6. In the File field enter Onenote.exe and click Add, repeat this for Outlook.exe.
  7. The items will appear in the Allowed Items list.
  8. OneNote.exe and Outlook.exe are allowed

Test it

  1. Save and deploy the configuration.
  2. When a user logs on who is not a member of the Office Apps group, they will not be able to run any of the Office apps.
  3. When a user logs on who is member of the Office Apps group they will be able to run OneNote and Outlook, but Excel, Powerpoint, and Word will still be blocked.

Your next step

Executable Control

Privilege Management

Browser Control