Using the Group Policy Management Editor
The Group Policy Management Console (GPMC) is a built-in Microsoft Management Console (MMC) snap-in.
You can use the features in Privilege Manager based on your Windows rights within the GPMC. 
You can use the Group Policy Management Editor in the GPMC to manage and create rules or you can use the Create Rule Wizard in the Privilege Manager for Windows console. 
To use the Group Policy Management Editor to create and manage rules:
- Open the MMC. On the Start menu, click Run, type MMC, and then click OK. 
- From the File menu, select Add/Remove Snap-in. The Add or Remove Snap-ins dialog box will open.
- Select Group Policy Management under the list of snap-ins.
- Click the Add button.
- Click OK.
 
- The Console Root window now has a snap-in, Group Policy Management, rooted at the Console Root folder. 
- Right-click a GPO under your forest in the Group Policy Management pane on the right and select Edit. 
- The Group Policy Management Editor will open. The editor now has Privilege Manager for Windows nodes, under Computer Configuration and User Configuration.
 
 
- The right pane has an Extended and a Standard tab.
- Click the Extended tab for more information about an item.
 
- Available only in Privilege Manager Professional and Professional Evaluation editions. To create a new rule, select a Privilege Manager for Windows node and use the New Rule button, or use the other toolbar buttons to delete or modify it. Before clicking the New Rule button, be sure to select the Privilege Elevation Rules or Blacklist Rules tab.
 
 
 
Using the Create Rule Wizard
To use the Create Rule Wizard:
- Select or create a GPO in the All GPOs node in the left pane of the Privilege Manager for Windows console: 
- Select a GPO from the list under the domain that your local computer is a part of, or 
- Select a domain, click the New GPO button, name it, and click OK. The newly created GPO will be added to the All GPOs list in the Group Policy Objects container.
 
 
 
- Link any GPO not marked with the icon to your domain or Active Directory OU.
- Highlight the GPO in the left pane and click the Link button above it.
- Browse for an OU or add the GPO to the domain in the dialog that displays.
- Click OK.
- Once the rule is created, its icon will change to indicate that it contains a rule and it will be listed in the GPOs with Policy Settings node.
 
- Use the Create Rule Wizard to configure the rule.
- Select the Privilege Elevation Rules or Blacklist Rules tab based on the type of rule to be created. 
- Click the New Rule button to open the Create Rule Wizard.
- Specify the data requested in each tab and click Next.
- When creating a Privilege Elevation rule, follow the prompts through the default tabs: Start, Description, Type, Groups, and Validation Logic (available only for Privilege Manager Professional). The Privileges and Integrity tabs display as advanced options. When creating a Blacklist rule, follow the prompts through the default tabs: Start, Description, Type, and Validation Logic (available only for Privilege Manager Professional).
- Enter the required fields, marked *, on the Description and Type tabs.
 
- Click Finish to save and apply the rule. If you have not specified the required data, the wizard will notify you.

- Click the Save button on the menu bar of the Rule section. Or, if asked, confirm that you want to save the rule.
- An error message will notify you if you have insufficient permissions to perform any of the operations listed above.
 
- You must have permission to perform the same actions in the GPMC.
- Contact your system administrator to get the proper permissions.
 
- The rule will apply once the Group Policy is updated on the client computer. 
- A message will notify you that the rule’s parameters will change once the trial period expires, if you create a rule with any of the Privilege Manager Professional features while using the evaluation edition. For more information, see Editions. 
Getting started
To use the Start tab in the Create Rule Wizard:
- Select Create your own rule to create your own settings, or 
- Create a rule with pre-defined settings:
- Select the Select common rule from the list below option.
- Use the Operating System menu to sort the rules according to the operating system they apply to.
- Click Next to modify the default settings, or click Finish to save your settings for the target GPO and quit.
 
To use the Description tab in the Create Rule Wizard:
- Enter a title to identify the rule and an optional description. 
- Check the Advertise this rule in the system tray on client computers option to display the title of the rule when using the View current rules option on the client system tray. 
The system tray also pops up a desktop notification message any time there is a change to the set of rules flagged as advertised.
 
- Check the Disable data collection activity for this rule option to enable/disable data collection for the individual rule. 
- Check the Disable the rule regardless of validation option to stop the rule from applying until you uncheck the option. 
 
- Click Next. 
To use the Type Tab in the Create Rule Wizard to specify the essential parameters of the processes for the rule:
- Select the type of rule that you would like to create. 
Available only in Privilege Manager Professional and Professional Evaluation editions: 
 
- Specify the options that correspond to the type of rule you have selected. 
- Select user policy or computer policy. 
Define whether the rule will be user or computer-based.
- User Policy: Select this option to apply the rule to the user logged into the computer. This option corresponds to the User Configuration node of the Group Policy Management Editor and is the default policy for all editions of Privilege Manager for Windows. 
- Computer Policy: Select this option to apply the rule to a computer irrespective of the user logged in. This option corresponds to the Computer Configuration node of the Group Policy Management Editor. Available only in Privilege Manager Professional and Professional Evaluation editions. 
 
Creating file rules
Use the By Path to the Executable rule to elevate or decrease privileges for processes that start from an executable file.
To create a By Path to the Executable file rule using the Create Rule Wizard:
- Open the Create Rule Wizard. For more information, see Using the Create Rule Wizard. 
- Specify the Path to an executable file on the client computer or a network share in one of the following ways: 
- Type the path to the file, including its extension, in the following format: 
\\ComputerName\SharedFolder\Filename.exe
DriveLetter:\Filename.exe
 
- Use the common % variable and the * and ? wildcards to identify the path, for example, *\filename.exe. 
- Use the Browse button to locate the path. Once you locate the process, a dialog will prompt you to:
- Retrieve a digital signature for the rule's Publisher field. Click Yes to add the available digital signature. Click No to skip the prompt.
- Create a file version for the file. Click Yes to add the setting. Click No to skip the prompt.
 
- Create a unique cryptographic hash for the file to secure its identification. Click Yes to add the setting. Click No if you are creating the rule for a file whose data is likely to be updated in the future, or for any file with that name within the specified folder.
 
Note: When saving the rule, Privilege Manager for Windows converts the path into environment variables.
 
 
 
- Click the Processes button to simplify adding parameters into the rule. Available only in Privilege Manager Professional and Professional Evaluation editions.
- Select whether you will create the rule from a process on a local or remote computer.
- A list of processes running on the computer will open. Locate the process and view its details in the fields to the right:
- Path: the path to the process's executable.
- Arguments: the arguments with which the process was started.
- Publisher: the digital certificate of a publisher.
- Version: the File Version property.
- Hash: a unique cryptographic hash.
- Integrity level: the security level with which the process runs in Windows 7 and higher.
- Privileges: the privileges granted to the process.
 
- Click OK. The data for the processes will be saved to the rule and displayed on the corresponding tabs of the wizard.
- To troubleshoot a "Failed to retrieve processes. Please refer to documentation for more info" error, check the following on the remote computer:
- The computer is turned on and accessible from the network;
- The domain administrator credentials have been provided; and
- Windows Management Instrumentation (WMI), Distributed Component Object Model (DCOM), File and Printer Sharing, and Remote Administration are allowed through the firewall.
 
 
- Fill in these optional fields, as necessary:
- Define whether the rule will be user or computer-based.
- User Policy: Select this option to apply the rule to the user logged into the computer. This option corresponds to the User Configuration node of the Group Policy Management Editor and is the default policy for all editions of Privilege Manager for Windows. 
- Computer Policy: Select this option to apply the rule to a computer irrespective of the user logged in. This option corresponds to the Computer Configuration node of the Group Policy Management Editor. Available only in Privilege Manager Professional and Professional Evaluation editions. 
 
- Complete the Privileges (see Granting/denying privileges (Privilege Elevation Rules only)) and Integrity (see Differentiating security levels (Privilege Elevation Rules only)) tabs to modify the rule.
- Click Finish to quit the wizard.
- The rule will be named after the executable.
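
The following PowerShell is an added example, not part of the Privilege Manager for Windows documentation. It collects the attributes the wizard offers to pin a By Path to the Executable rule with (publisher signature, file version, hash) and shows which paths a wildcard rule path would cover. The function names, the sample paths, the choice of SHA-256, and the use of PowerShell's -like operator to stand in for the product's % variable and * / ? matching are assumptions.

```powershell
# Added example: inspect an executable before writing a file rule for it.
# Function names, sample paths and SHA-256 are assumptions, not product behaviour.

function Get-RuleCandidateInfo {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName
    $hash = Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256

    [pscustomobject]@{
        Path            = $item.FullName
        # Subject of the signing certificate, or $null for an unsigned file
        Publisher       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SignatureStatus = $sig.Status              # e.g. Valid, NotSigned, HashMismatch
        FileVersion     = $item.VersionInfo.FileVersion
        SHA256          = $hash.Hash
    }
}

function Test-RulePathBreadth {
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [Parameter(Mandatory)][string[]]$CandidatePaths
    )
    # Expand %VAR% references first, then apply * and ? wildcard matching.
    $expanded = [Environment]::ExpandEnvironmentVariables($Pattern)
    foreach ($p in $CandidatePaths) {
        [pscustomobject]@{ Pattern = $expanded; Path = $p; Matches = ($p -like $expanded) }
    }
}

# Attributes of a real file on the local machine
Get-RuleCandidateInfo -Path "$env:SystemRoot\System32\notepad.exe" | Format-List

# Constructed sample paths: an installed copy, a copy in a user-writable
# folder, and a differently named file in the install folder.
$samples = @(
    'C:\Program Files\Vendor\filename.exe',
    'C:\Users\alice\Downloads\filename.exe',
    'C:\Program Files\Vendor\filename2.exe'
)

# The broad pattern from the text matches both copies named filename.exe.
Test-RulePathBreadth -Pattern '*\filename.exe' -CandidatePaths $samples | Format-Table

# A fully qualified path with an environment variable matches only the installed copy.
Test-RulePathBreadth -Pattern '%ProgramFiles%\Vendor\filename.exe' -CandidatePaths $samples | Format-Table
```

When a pattern also matches a copy under a user profile, answer Yes to the publisher or hash prompt so the rule does not rest on the path alone.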