Follow

How to give non admin user's privilege rights to certain applications.

Product: ProfileUnity

Product Version: 6.8.0+

Expires on: 365 days from publish date

Updated: February 14, 2019

 

Problem:

I have all non admin users and I would like them to lunch an application with administrative privileges. 

Symptoms:

The user's are non admins and they don't have any rights to install applications.

Possible Resolution(s):

Here six ways to allow users lunch application with elevated privileges. 

To elevate and application is to create a new rule in "Privilege Elevation" Module:

  • Contains (Path to application contains)
  • Equals (Full Path to application)
  • Hash (SHA265 hash of application)
  • Starts With (Path to application starts with)
  • Ends With (Path to application ends with)
  • Signed (Digital signature signer of application)

Example A.To allow users run apps elevated from certain publisher (signed)

Open ProfileUnity console, Edit the configuration, Open "Privilege Elevation", "Add Privilege Elevation Rule"

    • Type: Application
    • Action: Allow
    • Match: Signed
    • Value: Mozilla Corporation

Verify that the elevated application has a Valid Certificate and that name is taken from "Digital Signature Details", Name field:

Example of valid Name Field:

singed.jpg


Example of Valid Certificate:

CertificateSign.jpg


Note: If the Certificate date expires the application will not be elevated.

Example B. To allow users to run applications elevated from certain directory (Starts With)

Open ProfileUnity console, Edit the configuration, Open "Privilege Elevation", "Add Privilege Elevation Rule"

    • Type: Application
    • Action: Allow
    • Match: Contains
    • Value: C:\Program Files\Application Directory

Note: Only applications located in "C:\Program Files\Application Directory" will run elevated

Save, Update and download new INI to your netlogon\ProfileUnity directory

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.