Dynamic Privileges
Use the Dynamic Privileges tab to elevate or restrict rights for applications while maintaining default privileges for the user. This allows you to grant administrative privileges to specific applications that need these privileges (such as proprietary applications, Control Panel applets (using rundll32.exe or control.exe) and applications that allow changes to be made to hardware settings) without granting the user full rights as an administrator. Reducing user privileges may be useful for granting a user that is an administrator an application that should not be run as an administrator, such as a command prompt.
Configuration
Access token:
- Do nothing (default) - Does not change any rights for this application.
- Add administrator rights - Forces the application to be started with administrator rights.
- Remove administrator rights - Forces the application to be started without administrator rights.
Example:
To make a Control Panel applet available create a new application in the Workspace Control Console with %systemroot%\windows\rundll32.exe and the appropriate parameter. Add administrator rights to the applet using Dynamic Privileges. For instance:
|
Date & Time Properties |
|
|---|---|
|
Module |
TIMEDATE.CPL |
|
Command: |
rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,0 |
|
result: |
Displays Set Date & Time properties tab |
|
Command: |
rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,1 |
|
result: |
Displays the Time Zone properties tab |
See Make Control Panel Applets (CPL files) available as applications for a more extensive list of Control Panel applets and their command lines.