Prevent Read and Write Access to File Types or Locations
You can restrict access to specific file types or locations using Privilege Manager. To prevent read / write access to file types or locations, do the following steps:
- Create a Deny File Access Action
- Create an Application Control Policy to which you will add the Deny File Access Action
- Test the privilege reduction you've just created
In the following scenario you will create a Microsoft Word document and save it on your machine to:
c:\company invoices\invoice 101.doc
Create a Deny File Access Action
-
Navigate to Admin | Actions.
-
Search for Deny File Access Action.
-
Click on Deny Read/Write Access to Microsoft Office Document Files.
-
Click on Duplicate.
-
Name the new copy of the action and click Create.
-
Enter the path of the file location (
e.g., c:\company invoices
), for our example we also set the switch to include subdirectories. -
Click Save Changes.
Create an Application Control Policy
-
Under your Computer Group select Application Policies.
-
Click Create Policy.
-
Select Skip the wizard, take me to a blank policy.
-
Add Name and Description, click Create Policy.
-
Under Conditions | Applications Targeted, click Add Application Targeted.
-
Search for word and add the MS Word filter.
-
Click Update.
-
Under Actions, click Add Actions.
-
Search for and add your Deny Read/Write Access to Microsoft Office Document Files Action.
-
Click Update.
-
Click Save Changes.
-
Set the Inactive switch to Active.
-
Next to Deployment, click the i icon and run the Resource and Collection Targeting Update. After you run update, the appropriate endpoints will receive the new policy.
Test Access
Verify that the restricted access you set up was successful by applying the following tests:
- In Microsoft Word, open
C:\company invoices\invoice 101.doc
. The file is read only and can't be modified. - Create a new document and attempt to save it to
c:\company invoices\
. You will be unable to open it and will receive a File Permission error. - Verify that you can create or modify a Word document in a different directory.
- In Microsoft Excel, save a spreadsheet to
c:\company invoices\invoice 101.doc
. The permissions are limited to Microsoft Word.