Security Levels


Application Control rules allow you to set security levels to specify how to manage requests to run unauthorized applications by the users, groups, or devices that a rule matches.

Apply security levels to control whether the user, group, and devices specified in a rule are fully restricted by rules, unrestricted, audited only, or granted self-authorization status entitling the user to decide whether to run an application.

security levels

Try it yourself

You can test whether Security Levels are being implemented correctly. The following example shows you how to test the Self-Authorizing level.

  1. Create a rule in the User rules node that applies to a test user account that is not a member of a group that belongs to the Trusted Owners list.
  2. Set the security control level to Self-Authorizing to allow the test user to self-authorize applications to run.
  3. Save and deploy the configuration.

Test it

  1. Login as the test user.
  2. Attempt to run the Registry Editor.
  3. You should see the application is prohibited and a message display with a prompt for a decision to allow the file to run, informing that the action will be logged.

Your next step

Allowed Items

Denied Items