On the Privileges tab in the Create Rule Wizard you can grant or deny privileges for a process, based on the standard Windows policies in the User Rights Assignment list (Local Security Settings\Local Policies).
To grant or deny privileges for processes (including child processes) using the Privileges tab in the Create Rule Wizard:
- Select the privilege and click Grant or Deny. To select multiple privileges, hold down the CTRL (or SHIFT) key while selecting the items.
- To discard your choices, select the privilege and click Not Set.
You can differentiate the security levels with which a process will run using the Integrity tab in the Create Rule Wizard. The integrity level is a feature of Windows operating systems.
This parameter can be applied to clients running any of the following operating systems:
By default, this setting will not apply and is set to the High integrity level.
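To check what a rule configured on the Privileges and Integrity tabs actually produced, read the token of a process started under that rule (or one of its child processes). The script below is an added example, not part of the product or its documentation; the function names and the expected values passed at the end are hypothetical, and it assumes a denied privilege is absent from the token rather than only disabled.

```powershell
# Added example: report the integrity level and privileges of the current process token.
# Run it in a shell that was started under the rule being checked.

# Well-known mandatory label SIDs (Windows integrity levels).
$IntegritySids = @{
    'S-1-16-4096'  = 'Low'
    'S-1-16-8192'  = 'Medium'
    'S-1-16-8448'  = 'Medium Plus'
    'S-1-16-12288' = 'High'
    'S-1-16-16384' = 'System'
}

function Get-TokenIntegrityLevel {
    # /nh drops the localized header row; column names are supplied here instead.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header 'Name', 'Type', 'Sid', 'Attributes'
    $label = $groups | Where-Object { $IntegritySids.ContainsKey($_.Sid) } |
        Select-Object -First 1
    if ($label) { $IntegritySids[$label.Sid] } else { 'Unknown' }
}

function Get-TokenPrivilege {
    # One object per privilege held in the token (State text is localized).
    whoami /priv /fo csv /nh |
        ConvertFrom-Csv -Header 'Privilege', 'Description', 'State'
}

function Test-RuleEffect {
    param(
        [string]   $ExpectedIntegrity,
        [string[]] $ExpectedGranted = @(),
        [string[]] $ExpectedDenied  = @()
    )
    $present = @(Get-TokenPrivilege | ForEach-Object { $_.Privilege })
    $level   = Get-TokenIntegrityLevel
    [pscustomobject]@{
        IntegrityLevel   = $level
        IntegrityOk      = (-not $ExpectedIntegrity) -or ($level -eq $ExpectedIntegrity)
        MissingGranted   = @($ExpectedGranted | Where-Object { $_ -notin $present })
        UnexpectedDenied = @($ExpectedDenied  | Where-Object { $_ -in $present })
    }
}

# Constructed expectation for illustration: the rule should run the process at
# Medium integrity, grant SeBackupPrivilege and deny SeDebugPrivilege.
Test-RuleEffect -ExpectedIntegrity 'Medium' `
    -ExpectedGranted 'SeBackupPrivilege' -ExpectedDenied 'SeDebugPrivilege'
```

An empty `MissingGranted` and `UnexpectedDenied` together with `IntegrityOk = True` means the token matches the expectation passed in.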
Once a rule is created, you can:
- change its settings,
- delete it,
- import it, and
- export it.
To delete, modify, or share a rule
To use the Edit Rule Wizard to configure a rule
- Select the Privilege Elevation Rules or Blacklist Rules tab based on the type of rule to be created.
- To open the Edit Rule Wizard, double-click a rule's title or click Details on the toolbar.
- Specify the data requested in each tab and click Next.
- Follow the prompts through the default tabs:
  - Description
  - Type
  - Groups
  - Validation Logic

    NOTE: This option is available only in Safeguard Privilege Manager for Windows Professional Edition and Professional Evaluation Edition.

  The Privileges and Integrity tabs display as advanced options.
- Enter the required fields, marked with an asterisk '*', on the Description and Type tabs.
- To save and apply the rule, click Finish. If you did not specify the required data, the wizard notifies you.
- Click the Save button on the menu bar of the Rule section. Or, if prompted, confirm that you want to save the rule.
More information for managing rules:
- To delete or modify a GPO created with Safeguard Privilege Manager for Windows, use the Microsoft Group Policy Management Console (GPMC). You can also edit rules using the GPMC. For more information, see Using the Group Policy Management Editor.
- If you are using Safeguard Privilege Manager for Windows Community Edition and open a rule with a Professional Edition feature to view or modify its settings, you will receive a notification. To open the Edit Rule window to display all the rule settings except for the Professional ones, click Yes.

  NOTE: Modifying the rule will discard its Professional features.
Once rules are created for a GPO, they can be exported to share them, to copy them to another GPO, or to keep a backup.
To export rules
- Select a GPO in the domain tree.
- Right-click on the GPO name and select Export Rules.
- Enter the path and file name of the export file to be created. Click ... to select a path using File Explorer.
- In the pop-up window that displays a count of the Privilege Elevation Rules and Blacklist Rules for the GPO, complete the following steps, as applicable:
  - To include the privilege elevation rules in the export, select Export all Privilege Elevation Rules.
  - To include the blacklisted rules in the export, select Export all Blacklist Rules.
- To begin the export process, click Export.
To import rules
- Select a GPO in the domain tree.
- Right-click on the GPO name and select Import Rules.
- Enter the path and file name of the file to be imported. Click ... to select a path using File Explorer.
- In the pop-up window that displays a count of the Privilege Elevation Rules and Blacklist Rules for the GPO, complete the following steps, as applicable:
- To begin the import process, click Import.