Application Execution Requires Approval
This policy type requires a user to provide a justification reason for why they need to run a process (installer or executable). The reason is then submitted to specified managers for approval via Privilege Manager under Admin: Tools | Manage Approvals. Whether requests appear there depends on whether the Manual Approval process is used. For instance, if you have configured ServiceNow as your approval process handler, these approval requests won't appear in the Admin: Tools | Manage Approvals area. There are several pieces to the Actions in this policy. Because Conditions and Actions are independent, these actions for approval can be applied to any condition. In this use case, we will apply this action to the LICEcap gif creator.
First create a filter that will identify the process/executable on which Privilege Manager will act.
- Navigate to Admin | Filters.
- Click Create Filter.
  In this use case, we will target the LICEcap application (LICEcap.exe).
- From the Platform drop-down select Windows.
- From the Filter Type drop-down select Blank Win32 Executable Filter.
- Add a name and description, click Create.
- Enter LICEcap.exe in the File Name field under File Specifications as well as in the Original filename field under File Details.
- Click Save Changes.
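Before relying on the filter, it helps to confirm that the target binary really carries the values entered in the File Name and Original filename fields. The following PowerShell is an added example, not part of the Privilege Manager documentation; the function name and the file path are placeholders, and it only reads the file's metadata, it does not reproduce how Privilege Manager evaluates the filter.

```powershell
# Added example, not vendor code. Reads the two values the filter asks for
# (File Name and Original filename) from the binary itself.
function Test-FilterFieldMatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,   # binary to inspect
        [string]$Expected = 'LICEcap.exe'      # value typed into both filter fields
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "File not found: $Path"
        return
    }

    $file = Get-Item -LiteralPath $Path
    # The on-disk name changes if the file is renamed; OriginalFilename is
    # embedded in the executable's version resource and does not.
    $original = $file.VersionInfo.OriginalFilename

    # A binary without a version resource has no Original filename to compare.
    if ([string]::IsNullOrWhiteSpace($original)) {
        $originalStatus = 'Missing'
    }
    elseif ($original -eq $Expected) {         # -eq is case-insensitive
        $originalStatus = 'Match'
    }
    else {
        $originalStatus = 'Mismatch'
    }

    [pscustomobject]@{
        Path                   = $file.FullName
        FileName               = $file.Name
        FileNameMatches        = ($file.Name -eq $Expected)
        OriginalFilename       = $original
        OriginalFilenameStatus = $originalStatus
    }
}

# Placeholder path (assumption): point this at the copy on a test endpoint.
Test-FilterFieldMatch -Path 'C:\Path\To\LICEcap.exe' | Format-List
```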
Create a Policy using this Filter
- Using the Policy Wizard, create a controlling policy that elevates requiring approval.
- Select the file types you want targeted with the approval elevation. For this example, select Executables.
- Choose your targets. You can specify several different targets. For this example, select Existing Filter.
- Search for and add the LICEcap filter created previously.
- Click Update. You may also use File Upload to upload the LICEcap.exe file or Inventoried File if LICEcap.exe was inventoried for this computer group.
- Click Next Step.
- Name your policy and click Create Policy.
- Set the Inactive switch to Active.
- Once the policy is delivered to the endpoint agent, LICEcap.exe will require the user to enter a justification reason for running this application.
- Once the reason is entered, the user clicks Continue to forward the request to Privilege Manager for approval. On their desktop, the Application Notice approval status is marked as Pending.
- Finally, a Privilege Manager user will approve this application request.
To Approve Requests
- Return to the Privilege Manager Dashboard and navigate to Admin: Tools | Manage Approvals.
- Select the approval requested from the list and click on Approve.
- Select One Time or an allotted time frame for access and Manage Approve.
- You can now return to the desktop where the user initiated the executable, and you will see the request has been approved.
- Click on Continue and the user is allowed to run that executable.
To adjust this policy to apply to specific users or endpoints, use the option to add Inclusion/Exclusion filters and Computer Groups.