Using an installed application or running process to create application rights

This section describes how to create an application right by importing values from an installed executable file or from a running process. After values are imported into the application right definition form, you can select which fields to use as search criteria for matching applications. Applications that match the search criteria are included in the application definition.

For more information about filling in fields by importing, see Examples of application right definitions.

To define an application right based on an installed application:

  1. Follow the procedure for creating a new application right manually to the point where the Definition Settings dialog opens (see Defining an application right manually).
  2. In the Definition Settings dialog, click Import File.
  3. Navigate to an application executable file, highlight the file, and click Open.

    Fields in the Definition Settings dialog fill in with all of the information that is available for the file that you selected. For example, if you navigated to C:\Program Files\Centrify\Access Manage and selected the Mmc_config.exe file, the Definition Settings dialog would look similar to this:

    Notice that:

    • The File Type field is set to .exe.
    • The Path option is selected, and the file name and path name are filled in.
    • Most fields in the File details section are filled in, but none are selected.

    The settings shown in this example specify that only the Mmc_config.exe file located in C:\Program Files\Centrify\Access Manage is included in the application right. The information in the File details section is not used because no options in that section have been selected.

  4. Choose whether to expand the definition to include other executable files, or to save the definition as it is currently defined (so that it specifies only the Mmc_config.exe file shown here).

    To expand the definition to include other executable files, go to Step 5 and continue from there.

    To save the definition as it is currently defined:

    • In the Description field, type a description for this application definition. This is the string that displays in the list of application definitions on the Match Criteria tab.
    • Click OK.
    • Continue to define the application right as described in Defining an application right manually.
  5. To expand the definition to include other executable files, use the File details area to specify characteristics that are used to search for executable files. All of the characteristics that you specify must be met in order for an executable file to be a match. See Defining an application right manually for details about operators and syntax for each option in the File details area.
    • Deselect the Path option.

      This step is necessary because all of the search options that you select use the AND operator when the search executes. If you leave the Path option selected, the search is constrained to this location and the definition will include only the file that is specified in the Name field.

    • In the File details area, select options to define search criteria for executable files.

      Selecting criteria that are more general will usually result in a greater number of executable files being included in the definition. In the example shown in Step 3, you would select only the Company option if you wanted to allow this definition to run all .exe files having a company name tag of Centrify Corporation. Select additional options to limit the scope of the search so that fewer executable files are included in the definition.

    • In the Description field, type a description for this application definition. This is the string that displays in the list of application definitions on the Match Criteria tab.

    • Click OK.

    • Continue to define the application right as described in Defining an application right manually. When you are done, the application right is available to use.

To define an application right based on a running process:

  1. Follow the procedure for creating a new application right manually to the point where the Definition Settings dialog opens (see Defining an application right manually).
  2. In the Definition Settings dialog, click Import Process.

    A list of running processes displays. By default, the list does not include these processes:

    Processes having an owner of SYSTEM, Local Service, or Network Service

    • conhost.exe
    • dllhost.exe
    • dwm.exe
    • explorer.exe
    • svchost.exe
    • taskhost.exe

    To display these processes, select the Show all processes option.

    Note:   System Idle Process and processes having unsupported file extensions (for example, .scr) are never shown.

  3. Highlight a process and click OK.

    Fields in the Definition Settings dialog fill in with information from the executable file that launched the process that you selected.

  4. Select executable files to include in this definition as described in Step 4 on page 149 through Step 5 on page 150. When you are done, the application right is available to use.