Authorized Owners

Authorized Owners increases the security of your Workspace Control environment by not allowing untrusted software to run. Untrusted software can include malware, video games or unlicensed software.

The feature is based on NTFS ownership and enables administrators to allow applications to be started only if the configured NTFS owner matches the file owner of the executable.

Workspace Control checks executables to ensure that their ownership matches the configured authorized owners. If end-users launch an application and the NTFS file owner of the executable is not found in the list of authorized owners, then Workspace Control blocks the application from starting.

When enabling the Authorized Owners feature, the following authorized owners list is evaluated before Workspace Control allows an application to start:

• SYSTEM

• BUILTIN\Administrators

• %ComputerName%\Administrator

• NT Service\TrustedInstaller

Therefore, by default, Workspace Control trusts items owned by the BULTIN\Administrators group and the local administrator.

To enable the Authorized Owners feature, open the Workspace Control Console and navigate to Security > Authorized Owners > Settings tab. Set the Authorized Owners option to Enabled and then select Save Settings from the main menu bar.

(click the image to enlarge it)

To disable the feature, select Disabled and then select Save Settings from the main menu bar.

The Authorized Owners feature will be expanded with additional functionality in a future release, including adding and removing owners, adding and editing administrative notes, and configuring Workspace Containers.

Introduced in Ivanti Workspace Control 2021.2 (version 10.7.20.0).