Network Share Applications

Many organizations put trusted installers on a network share that employees can use. Those installers can be elevated automatically from the shared network location by assigning an elevation policy to the network share location.

There are different options to elevate rights to launch applications from a network share location.

  • One option is to create a file specification filter setting the path for the network share location. Then use that filter in a policy to apply administrative rights to all application launches from that path.
  • The other option is to download the Application Control - UNC Elevation Policy Template via Config Feeds and customize the template.

Applying Administrator Rights to a Network Share

Creating the Filter

  1. In the Privilege Manager Console navigate to Admin | Filters.
  2. On the Filter page, click Create Filter.
  3. On the New Filter page, select the platform. This can be either Both Windows / macOS, Windows, or macOS. For this example, select Windows.
  4. From the Filter Type drop-down select File Specification Filter. This also allows you to link in hashes or signatures.
  5. Enter the name and a description for the filter, for example "network share" and "filter to elevate applications installed from network share".
  6. Click Create.
  7. Add the Path that points to your Fileshare folder, click Save Changes. Use the same UNC path format for both macOS and Windows endpoints.

Creating the New Policy

  1. Navigate to Computer Groups | Windows Computers.
  2. Select Application Policies.
  3. Click Create Policy.
  4. In the policy wizard select Controlling, click Next Step.
  5. In the policy wizard select Elevate, click Next Step.
  6. In the policy wizard select Run Silently, click Next Step.
  7. In the policy wizard select Installer Packages, click Next Step.
  8. In the policy wizard select Existing Filter.
  9. Search and add the network share path filter previously created.
  10. Click Update.
  11. Click Next Step.
  12. Name your policy and enter a description.
  13. Click Create.
  14. Set the Inactive switch to Active.

Using the UNC Elevation Policy Template

Use the UNC Elevation Policy Template to create a customized policy that lets you scan a network share and automatically elevates launches of MSI and EXE files from that share.

  1. Navigate to Admin | Config Feeds.

  2. Expand Privilege Manager Product Configuration Feeds.

  3. Expand Application Control Solution.

  4. Locate the Application Control - UNC Elevation Policy Template and click the Install link. The template is installed.

  5. Navigate to Admin | Folders.

  6. In the folder tree open Privilege Manager Solutions | Application Control | Policies | macOS or Windows policies | Privilege Management.

  7. Click Create.

  8. From the template drop-down select UNC Share Elevation Policy.

  9. Enter a name and description.

  10. Enter the UNC Path to the network share. Use the same UNC path format for both macOS and Windows endpoints.

  11. Click Create.

  12. The Policy is created, but needs some attention. Confirm that this is an elevation policy and click Set as Elevate.

    policy

  13. Change the priority based on how this policy needs to interact with other policies for your organization, click Save Changes.

  14. Set the Inactive switch to Active.