Best Practice: Using a Secondary File Filter

Using File Inventory

As a best practice, create an elevate policy with a priority of X (for example, 85) to elevate or allow specific scripts or files to run. Then add a policy with a priority of X+1 to deny any other execution of the command processor, PowerShell, or Microsoft installer files. This example uses .msi.

  1. In the Privilege Manager Console under Computer Groups navigate to File Inventory.

  2. From the list of discovered resources, select the example application, TortoiseGit.

  3. Click Create Filter.

  4. On the Manage Application page, check the File Name and Signed By checkboxes.

  5. Click Create Filter.

  6. Navigate to Computer Groups | Windows Computers.

  7. Select Application Policies.

  8. Click Create Policy.

  9. In the policy wizard select Controlling, click Next Step.

  10. In the policy wizard select Allow, click Next Step.

  11. In the policy wizard select Specific Applications, click Next Step.

  12. In the policy wizard select Existing Filter, click Next Step.

    1. Search for and add the secondary file filter created from the file inventory above.
    2. Click Update.
  13. On the policy wizard page that now lists the existing filter, click Next Step.

  14. Name the policy and click Create Policy.

Based on the selected filter, the policy wizard added the application target that allows the TortoiseGit application.
