To view discovered privileged applications and generate rules for them
-
Open the Privileged Application Discovery section from the navigation pane of the Console. The applications are displayed in the window on the right.
-
Click Display applications to list the privileged applications and other processes that are started (or failed to start), based on the default filter settings shown in the Applied Filters section on the top of the screen.
-
Select an application in the Privileged Applications Discovery grid below. Use the grid's column headers to sort the applications.
By default, the following information appears:
-
Any type of privileged applications
-
Privileged applications that were discovered during the last 30 days
-
Privileged applications that have no generated rule in the current section, or are marked as ignored
-
-
Use the Applied Filters wizard to modify the list. You can create multiple shared filter sets and save settings that other administrators can use. For more information, see Using the Applied Filters Wizard.
-
Select a record and then click Generate rules to open the Generate Rules Wizard.
-
On the first tab of the wizard, specify your rule type preferences. Click Next.
-
Add Validation Logic preferences into the rule, if necessary. The selected preferences will be used to create the corresponding Validation Logic type. Click Next.
-
Review your rules and click Next, or
-
Click the Review rules that will be created button to open a window with more information.
-
Click Details for more information, or click Close.
-
-
Select a target GPO for the rule and specify the GPO policy type. By default, the Administrators group (stored in the BUILTIN\Administrators Active Directory OU) is added to the rule. Click Create to save the rule.
-
Once a discovered privileged application is processed and a rule is created for it, or it has been marked as ignored, the application is considered processed.
-
To view ignored applications or applications for which the rules are created, change the Process Date of Item filter on the Applied Filters Wizard from None: Item has not been processed to the corresponding Date Range.
-
The rule created from the application is added to the selected GPO with a default name.
-
Select Export to export the list of applications presented on the grid. The list is saved as an .xls file.
After the rule has been created
-
The rule is added to the target GPO of the Group Policy Settings section.
-
The rule applies after the GPO settings are updated on the client computer.