Security Controls Evaluation Guide
Use Privilege Management to give a higher level system administrator the ability to stop an administrative user from altering settings that they should not change, for example, firewalls and certain services. Use Privilege Management to reduce administrative privileges for certain processes. Although the user has administrative privileges, the system administrator retains control of the environment.
Select to add items to elevate or restrict rights for the following system controls:
•Uninstall Control Item
•Service Control Items
•Event Log Control Item
•Process Termination Control Item
Try it yourself
Restrict Uninstall Permissions
In our Components example we gave our everyone group permissions to the Uninstall or Change a Program in the Add and Remove Programs component, however there are certain programs that we do not want members of the everyone group to have permissions to uninstall.
1.In the Application Control Configuration Editor, navigate to Rule Sets > Group > Everyone > Privilege Management.
2.In the right hand work area select the System Controls tab.
3.In the work area, right-click and select Uninstall Control Item from the context menu.
4.In the Add Uninstall Control Item dialog, in Application enter Procmon.exe.
5.Select Add and the item display in the list, check that the Policy is Builtin Restrict.
6.Save and deploy the configuration.
1.Open Add/Remove Programs.
2.Locate Procmon.exe, attempt to uninstall the program, uninstall should be denied.
Your next step
Was this article useful?
Copyright © 2019, Ivanti. All rights reserved.