Skip to content

How to Control Application Usage and Permissions using Securden EPM?

To regulate application usage and controlling who gets to run/execute which applications/commands with what privileges, Administrators can create application control policies for Windows, Linux, and Mac devices.

Note

Whenever a new policy is being created, a peer administrator must approve the policy before it can go into effect. If only one administrator exists in the user directory, then the policy will be enforced automatically.

How to Create Application Control Policies for Windows Devices?

Windows application control policies govern application privileges and permissions on Windows devices.

The EPM administrator can create application control policies, associate the required applications, computers, and users to granularly control application usage and permissions for users.

To create a Windows policy, navigate to Privileges >> Add Policy, select Windows Policy as the policy type and follow the steps below.

1) Provide a name and description for the policy.

2) Specify the application elevation preferences. You can choose between elevating with local administrator, domain administrator, and system privileges.

  1. Elevate with local administrator privilege – When this right is granted, the user will be granted permission to run the associated applications with local admin privileges.

  2. Elevate with domain administrator privileges - When this right is granted, the user will be granted permission to run the associated applications with domain admin privileges.

  3. Elevate with system privilege – When this right is granted, the apps/processes will run with system privileges.

3) If you want to create an application control policy, you can choose between allowlists or blocklists.

Allowlists – An allowlist allows the associated user to run the specific apps with the default permissions of the user account. All other apps are blocked for the user.

Blocklists- A blocklist blocks the associated user to run specific apps completely. The user is free to run all other apps.

4) Select the applications that must be added to this control policy.

5) Select the computers/computer groups this policy should apply to. You can do this through different methods. You can associate specific computers or associate the policy with every device in Securden.

6) Select the users/user groups for whom the policy is intended. You can include specific users or exclude certain users and associate the policy with every other user in the EPM.

7) Once the preferences are selected, Save the policy.

How to Create Application Control Policies for Mac Devices?

Mac Application Policies govern application usage on Mac Devices. If your organization has Mac devices onboarded, then it is recommended to create Mac application control policies before removing admin rights.

The EPM administrator can create Mac control policies by navigating to Privileges >> Application Policies >> Add Policy, select Mac Policy, and follow the steps below.

1) Provide a name and description for the policy.

2) Specify the level of permissions that this policy must grant. You can choose between local admin privilege, system privilege.

  1. Elevate with local administrator privilege – When this right is granted, the user will be granted permission to run the associated applications with local admin privileges.

  2. Elevate with system privilege – When this right is granted, the apps/processes will run with system privileges.

3) For command control, you can choose between granting or denying SUDO privileges.

4) To control application usage, you can choose between Allowlisting and Blocklisting.

  1. Allowlists – An allowlist allows the associated user to run the specific apps with the default permissions of the user account. All other apps are blocked for the user.

  2. Blocklists- A blocklist blocks the associated user to run specific apps completely. The user is free to run all other apps.

5) Select the Mac applications and commands that should be a part of the policy.

6) Select the computers/computer groups on which the policy must be enforced.

7) Select the users/user groups with whom the policy must be associated.

Once the preferences are selected, click Save.

How to Create Command Control Policies for Linux Devices?

Linux policies can be used to control which users get to run which commands with SUDO privileges by which users on which Linux devices. To create Linux command filtering policy, navigate to Privileges >> Application Policies >> Add policy and select Linux Policy and follow the steps below.

1) Provide a name and description for the policy.

2) Specify whether this policy must grant or deny SUDO privilege.

3) Search and select the commands/command groups for which the policy applies.

4) Specify the Linux devices on which the policy will be enforced.

5) Specify the Linux users/user groups with whom the policy must be associated. You can include specific users or apply this policy to everyone but a few by excluding specific users.

Once the preferences are selected, click Save.

Frequently Asked Questions

What are the different types of privileges that can be granted through a control policy?

When creating a policy in Securden, you can grant Local Admin privilege, Domain Admin privilege, System privilege, Grant or Deny SUDO privileges, and enforce application control through allowlisting and blocklisting.

How does an allow-listing policy work?

When an allowlist is created, the users associated with the policy will be able to run applications associated with the list with their standard permissions. Any other app outside the allowlist will be blocked for the associated users.

How does a blocklist work?

When a blocklist is created, the applications added to the list will not be accessible by the associated users. All other applications can be run by the users. These applications will run with the default permissions available for the user.

Does allowlisting allow users to elevate the application?

No, allowlisting and blocklisting can only be used for enforcing application control. Privileges cannot be elevated or modified using allowlisting and blocklisting.

Does Securden EPM support application control for Mac devices?

Yes, the EPM administrator can create allowlists and blocklists consisting of Mac applications to enforce application control on Mac devices.

Securden Help Assistant
What's next?
Request a Demo Get a Price Quote
Thank you message

Thanks for sharing your details.
We will be in touch with you shortly.

Thanks for sharing your details.
We will be in touch with you shortly.