Ivanti Privilege Management integration (2019 and newer)

Ivanti Application Control, powered by AppSense, is a separate Ivanti application that is included with some Security Suite licenses. Endpoint Security can import and deploy configurations that you create in Application Control. Because Endpoint Security already has a feature called "Application Control," in Endpoint Security this integration is called "Privilege Management."

Before you can deploy privilege management configurations, you need to copy some Application Control installation files to your core server.

In a \Program Files\LANDESK\ManagementSuite\LDLogon\HIPS\PrivilegeManagement\ folder, add the *.lic license file you received from your purchase.

In a \Program Files\LANDESK\ManagementSuite\LDLogon\HIPS\PrivilegeManagement\Default folder, add:

  • Client installation files from the Software folder in the Application Manager archive
  • All ApplicationManagerAgent* files

Once this is done, you're ready to import and deploy privilege management configurations.

To import a privilege management configuration
  1. In Application Control, create a configuration and save it. Configurations are stored in a file with a .aamp extension.
  2. In Endpoint Security, click Tools > Security and Compliance > Agent Settings. In the tree, click Agent settings > Security > Endpoint Security > Privilege Management.
  3. Right-click Privilege Management and click New to open the Privilege Management Settings dialog box.
  4. Enter a Configuration name.
  5. Click the Import configuration button, and browse for your saved privilege management .aamp configuration file.
  6. Click Save.
To deploy a privilege management configuration
  1. In Agent Settings > Security > Endpoint Security, double-click the setting you want to modify or create a new one.
  2. In the Default policy tab, select Privilege Management. In the dropdown list next to that field, select the privilege management configuration you created earlier.
  3. Click Save.
  4. Use Endpoint Security to deploy the updated configuration.

Deploying alternate Application Control agent versions (2019 SU2 and newer)

At times you may want to test newer Application Control agent versions on a limited basis without requiring changes to other existing Application Control installations. Privilege management allows you to select either a default agent version or a different version that you specify.

If you have multiple privilege management software versions that you want to test, add the installation files for those versions to folders that you create alongside the Default folder in \Program Files\LANDESK\ManagementSuite\LDLogon\HIPS\PrivilegeManagement\. Additional folders you create here will be visible in the Privilege Management Settings dialog box. Then, create an additional privilege mangement agent setting that uses your alternate agent version and deploy that to your test group.

To deploy an alternate Privilege Management version
  1. On your core server, create a new folder under \Program Files\LANDESK\ManagementSuite\LDLogon\HIPS\PrivilegeManagement\. Put your alternate Application Control agent installation files there.
  2. In Application Control, create a configuration and save it. Configurations are stored in a file with a .aamp extension.
  3. In Endpoint Security, click Tools > Security and Compliance > Agent Settings. In the tree, click Agent settings > Security > Endpoint Security > Privilege Management.
  4. Right-click Privilege Management and click New to open the Privilege Management Settings dialog box.
  5. Enter a Configuration name.
  6. Click the Import configuration button, and browse for your saved privilege management .aamp configuration file.
  7. In the Deployment section, select Other.
  8. Select the folder you created that holds your alternate agent installation files.
  9. Click Save.
  10. Deploy this agent setting to your test group.