List of Default Actions

This topic describes the out-of-the-box actions that are available in Privilege Manager and can be used to make your policy configuration process easy.

Actions Catalog

Here is the complete list of Actions that come with Privilege Manager out-of-the-box, according to OS and category type:

macOS

Type Action Description
Adjust Effective Process Rights Action Run as Root Adjust the process rights of the application to run as the root user (macOS)
~~Allow Copy Action~~ Allow Copy to Applications Directory Note: This action is deprecated and can only be used with macOS agents versions prior to 11.2. This action is used by policies that allow users to copy applications to the root Applications directory as standard users using Privilege Manager.app.
Allow Package Installation This action is used by policies that allow users to run the package installer elevated.
AuthorizationDB Right Action Activity Monitor Kill Authorization Right (com.apple.activitymonitor.kill) This action grants the com.apple.activitymonitor.kill right in the authorizationdb for the duration of an applicable process.
Bless Helper Authorization Right (com.apple.ServiceManagement.blesshelper) This action grants the com.apple.ServiceManagement.blesshelper right in the authorizationdb for the duration of an applicable process.
Install Apple Software Authorization Right (system.install.apple-software) This action grants the system.install.apple-software right in the authorizationdb for the duration of an applicable process.
Modify System Keychain Authorization Right (system.keychain.modify) This action grants the system.keychain.modify right in the authorizationdb for the duration of an applicable process.
Xcode FLE Authorization Right (com.apple.dt.Xcode.LicenseAgreementXPCServiceRights) This action grants the com.apple.dt.Xcode.LicenseAgreementXPCServiceRights right in the authorizationdb for the duration of an applicable process.
CLI Justification Message (Application Action) Command Line Justification Message​ Justification message to execute before allowing the process to continue.
Display Advanced Message Action Application Approval Request (with Offline Fallback) Message Action Application Approval Request Message Action for macOS.
Application Approval Request (with ServiceNow Request Item Number) Message Action This action will display an approval request form for ServiceNow integrations for approval before allowing application to run on macOS endpoints.
Application Approval Request Message Action Application Approval Request Message Action for macOS.
Application Denied Message Action This action will display a modal denial notification message to the user and prevent application execution on macOS.
Application Justification Message Action Application Justification Message Action for macOS.
Application Warning Message Action Application Warning Message Action for macOS.
Just in Time Group Membership Action Just in Time Group Membership Action This action will add a user to a specified group for a specified time.
Display User Message Action Deny Execute Message This action displays a message to the user informing them that an application has been denied execution
Deny Execute Action Deny Execute This action stops specified applications from executing
Quarantine File Action File Quarantine This action can be used to quarantine a file by moving it to the default agent quarantine path

Windows

Type Action Description
Adjust Process Rights Action Add Administrative Rights This action adds basic administrative rights needed to install and run specified applications
Add Administrator Rights – Unrestricted This action adds administrative rights at a higher integrity level for specified applications. Usually you will only need to use this type of action if an application or installer needs to create a global object, such as a service, or if system changes require unrestricted administrator rights
Remove Administrator Rights This action removes administrative rights for specified applications
Remove Advanced Privileges Action This action removes advanced privileges for specified applications from the process token
Application Verifier Action Application Compatibility Testing This action triggers application compatibility testing while the process runs and sends the results to the server
Apply SVS Layer Action Workspace Virtualization Global Layer This action places specified applications in a common Workspace Virtualization global layer
Workspace Virtualization Isolation Layer This action places specified applications in a common Workspace Virtualization isolation layer
Create Children Processes as User De-elevate Child Processes Ensures that all child processes are created without administrator rights. Forces all new processes created by the targeted application to be launched by a de-elevated token.
Deny Execute Action Deny Execute This action stops specified applications from executing
Deny File Access Action Deny Read/Write Access to Microsoft Office Document Files This action can be used to deny read and write access to Microsoft Office documents
Deny Write Access to Executable Files This action can be used to deny write access to common executable files
Deny Windows Hooking Action Deny Windows Hooking This action limits specified applications from interacting in malicious ways with other applications
Display Advanced (Xaml) Windows Message Application Denied Message Action This action will display a modal denial notification message to the user and prevent application execution on Windows
Application Denied Notification Action This action will display a notification to the user that the process has been denied by a policy. The notification window will fade in and out and automatically close after a period of time
Application Warning Message Action Application Warning Message Action for Windows.
Approval Request (with Offline Fallback) Form Action This action will display an approval request form for approval before allowing application to run.
Approval Request (with ServiceNow Request Item Number) Form Action This action will display an approval request form for ServiceNow integrations for approval before allowing application to run.
Approval Request Form Action This action will display an approval request form for approval before allowing application to run
Authenticated Justification Message Action This action will display a customized message to the user, allowing for feedback and requiring authentication before running an application
Group Member Authenticated Message Action This action will display a customized message to the user and requires authentication by a member of the specified group if the end-user is not a member
Justify Application Elevation Action This action will display a justification prompt to the user before continuing to the process controlled by a policy
Justify Application Message Action This action will display a justification prompt to the user before continuing to the process controlled by a policy
Mobile Approval Request Form Action This action will display a approval request form for approval before allowing application to run.
Display User Message Action Deny Execute Message This action displays a message to the user informing them that an application has been denied execution
Deny Files Read and Write Access Message This action displays a message to the user informing them that an application will be restricted from certain file access
Limit Process Rights for New Applications Message This action displays a message to the user informing them that an application has had its rights reduced
Quarantine Message This action displays a message to the user informing them that an application has been quarantined
Remove Rights Message This action displays a message to the user informing them of an associated action
SWV Global Layer User Message This action displays a message to the user informing them that an application has been placed in SWV global layer
SWV Isolation Layer User Message This action displays a message to the user informing them that an application has been placed in SWV isolation layer
Windows Hooking Message This action displays a message to the user informing them that an application will be stopped from interacting with other applications
Encrypt Application Files Encrypt Common Application Documents This action can be used to automatically encrypt common application documents using Windows EFS.
Encrypt Microsoft Office Documents This action can be used to automatically encrypt Microsoft Office documents using Windows EFS.
Execute Application Action Immediate File Inventory This action will inventory the file being executed
GenericDetourAction Enable UAC Virtualization This action will turn on UAC virtualization for the target process.
Meter Application Action Meter Application Usage This action meters the usage of the specified applications
Quarantine File Action File Quarantine This action can be used to quarantine a file by moving it to the default agent quarantine path
Restrict File Dialogs Restrict File Dialogs This action prevents users from abusing the elevated rights of the application via the file open and save dialogs. This is a recommended action that customers should add to their elevation policies.
Set Environment Variable Action Suppress User Account Control Consent Dialog This action will prevent the UAC consent dialog from being displayed.
Set Process Security Descriptor Action Locked down Service Process Security Descriptor This action applies a restrictive security descriptor disallowing Administrators the right to terminate the process.
Win32 API Control Action
Examples
Block Local User Management This is a new action that, when applied, blocks the target process from adding, removing, or modifying local users. The powershell "'localuser'" cmdlets are what this action will block. It will block these actions from any application including Windows utilities, command-line utilities, etc.
Block Local Group Management This is a new action that when applied block the target process from adding, removing, modifying, or changing the membership of local groups. The powershell "'localgroup'" cmdlets are what this action will block. It will block these actions from any application including Windows utilities, command-line utilities, etc.
Block LSA Privilege Management This is a new action that when applied blocks the target process from changing local privileges. It will block these actions from any application including Windows utilities, command-line utilities, etc.

Unix/Linux

Type Action Description
Display User Message Action Deny Execute Message This action displays a message to the user informing them that an application has been denied execution
Deny Execute Action Deny Execute This action stops specified applications from executing