Security Controls Evaluation Guide


System Controls

Overview

Use Privilege Management to give a higher-level system administrator the ability to stop an administrative user from altering settings that they should not change, such as firewalls and certain services. You can also use Privilege Management to reduce administrative privileges for certain processes. Although the user has administrative privileges, the system administrator retains control of the environment.

Select to add items to elevate or restrict rights for the following system controls:

Uninstall Control Item

Service Control Items

Event Log Control Item

Process Termination Control Item

Try it yourself

Restrict Uninstall Permissions

In our Components example, we gave the Everyone group permissions to Uninstall or Change a Program in the Add and Remove Programs component. However, there are certain programs that we do not want members of the Everyone group to have permissions to uninstall.

1. In the Application Control Configuration Editor, navigate to Rule Sets > Group > Everyone > Privilege Management.

2. In the right-hand work area, select the System Controls tab.

3. In the work area, right-click and select Uninstall Control Item from the context menu.

4. In the Add Uninstall Control Item dialog, in Application, enter Procmon.exe.

5. Select Add. The item displays in the list. Check that the Policy is Builtin Restrict.

6. Save and deploy the configuration.

Test it

1. Open Add/Remove Programs.

2. Locate Procmon.exe and attempt to uninstall the program. The uninstall should be denied.

Your next step

Applications

Components

Self Elevation

Why use Privilege Management?
