Use the By Folder Path rule to elevate or decrease privileges for processes that start from a folder path.
To create a By Folder Path rule using the Create Rule Wizard
-
Open the Create Rule Wizard. For more information, see Using the Create Rule Wizard
-
Specify the location of a Folder on the client computer or a network share in one of the following ways:
-
Type the folder path in the following format:
\\ComputerName\SharedFolder DriveLetter:\Folder
-
Use the common % variable and the * and ? wildcards to identify the folder, for example, *\Folder
-
Use Browse to locate the folder.
NOTE: When saving the rule, Privilege Manager for Windows converts the path into environment variables.
-
-
Fill in these optional fields, as necessary:
-
Publisher: Limit Elevation to files signed with the digital certificate of a publisher. Enter the exact name or use Browse to locate it.
NOTE: This option is available only in Safeguard Privilege Manager for Windows Professional Edition and Professional Evaluation Edition.
-
Apply settings to sub folders: Apply the rule to processes started from any file under any sub folders of the path.
-
Apply settings to child processes: Ensure that child processes triggered by the rule will not fail due to lack of privileges. This check box is enabled by default.
-
User’s context will be used to resolve system and resource access: Ensure that the Client uses the target's user environment to resolve file and registry access. This might be required to resolve drive mappings, and also if the rule specifies the publisher, version, or file hash for the target process running from a network location.
-
-
Define whether the rule will be user-based or computer-based.
-
User Policy: Select this option to apply the rule to the user logged into the computer. This option corresponds to the User Configuration node of the Group Policy Management Editor and is the default policy for all editions of Privilege Manager for Windows.
-
Computer Policy: Select this option to apply the rule to a computer regardless of the user logged in. This option corresponds to the Computer Configuration node of the Group Policy Management Editor.
NOTE: This option is available only in Safeguard Privilege Manager for Windows Professional Edition and Professional Evaluation Edition.
-
-
Complete the Privileges (see Granting or denying privileges (Privilege Elevation Rules only)) and Integrity (see Differentiating security levels (Privilege Elevation Rules only)) tabs to modify the rule.
-
Click Finish to quit the wizard.
-
The rule will be named after the folder path.