Configuring Authorized Owners

By default, when enabling the Authorized Owners feature, the following authorized owners list is evaluated before Workspace Control allows an application to start:

  • .\Administrators

  • BUILTIN\Administrators


  • NT Service\TrustedInstaller

Therefore, by default, Workspace Control trusts items owned by the BULTIN\Administrators group and the local administrator. The default list of authorized owners is visible in the Workspace Control Console, under the Security > Authorized Owners > Authorized Owners tab.

Ivanti recommends to add only user accounts to the authorized owners list. Groups can be configured as authorized owners. However, the members of the configured groups are not part of the authorized owners list. If an unauthorized user attempts to start an application, Workspace Control blocks the application from running, even if the user is a member of an authorized group.

The list of authorized owners can be further configured by adding or removing NTFS users: