Problem:
All of my users are non-admin users, and I would like them to launch an application with administrative privileges.
Symptoms:
The users are non-admins and they don't have any rights to install applications.
Possible Resolution(s):
Here are six ways to allow users to launch an application with elevated privileges.
To elevate an application, create a new rule in the "Privilege Elevation" module using one of these match types:
- Contains (Path to application contains)
- Equals (Full Path to application)
- Hash (SHA256 hash of application)
- Starts With (Path to application starts with)
- Ends With (Path to application ends with)
- Signed (Digital signature signer of application)
Example A. To allow users to run apps elevated from a certain publisher (Signed)
Open the ProfileUnity console, edit the configuration, open "Privilege Elevation", and select "Add Privilege Elevation Rule"
- Type: Application
- Action: Allow
- Match: Signed
- Value: Mozilla Corporation
Verify that the elevated application has a valid certificate and that the value entered in the rule is taken from the Name field of "Digital Signature Details":
[Image: example of a valid Name field]
[Image: example of a valid certificate]
Note: If the certificate date expires, the application will not be elevated.
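The check above can also be done from PowerShell before the rule is created. This is an added example, not ProfileUnity code: the function name Get-ElevationRuleCandidate is hypothetical, notepad.exe is only a stand-in target, and it is an assumption that the certificate's simple name is the same string shown in the Name field of "Digital Signature Details".

```powershell
# Added example (not part of ProfileUnity). Reports the signer name,
# certificate expiry and SHA256 hash of an executable so they can be
# compared with the Value of a "Signed" or "Hash" rule.
function Get-ElevationRuleCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        $file = Get-Item -LiteralPath $Path -ErrorAction Stop
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $cert = $sig.SignerCertificate

        $signer = $null; $notAfter = $null; $daysLeft = $null
        if ($cert) {
            # Simple name of the certificate subject (usually the CN).
            # Assumption: this matches the "Name" field in the dialog.
            $signer = $cert.GetNameInfo(
                [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
                $false)
            $notAfter = $cert.NotAfter
            $daysLeft = [math]::Floor(($notAfter - (Get-Date)).TotalDays)
        }

        [pscustomobject]@{
            Path            = $file.FullName
            SignatureStatus = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            SignerName      = $signer          # candidate Value for a Signed rule
            CertNotAfter    = $notAfter
            CertDaysLeft    = $daysLeft        # negative once the certificate has expired
            Sha256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
}

# Stand-in target; substitute the executable you intend to elevate.
Get-ElevationRuleCandidate -Path "$env:SystemRoot\System32\notepad.exe" | Format-List
```

A SignatureStatus other than Valid, an empty SignerName, or a negative CertDaysLeft means the file should be reviewed before a Signed rule is relied on.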
Example B. To allow users to run applications elevated from a certain directory (Starts With)
Open the ProfileUnity console, edit the configuration, open "Privilege Elevation", and select "Add Privilege Elevation Rule"
- Type: Application
- Action: Allow
- Match: Contains
- Value: C:\Program Files\Application Directory
Note: Only applications located in "C:\Program Files\Application Directory" will run elevated.
Save, update, and download the new INI to your netlogon\ProfileUnity directory.
Product: ProfileUnity
Product Version: 6.8.0+