QuickStart template for Windows and macOS
This section provides information about the properties for the Windows and macOS QuickStart templates.
![Closed](../../../Skins/Default/Stylesheets/Images/transparent.gif)
Name | Description |
---|---|
All Users |
Contains rules that apply to all standard users regardless of the level of flexibility they need:
|
High Flexibility |
Contains rules for users that require a lot of flexibility, such as software developers:
|
Medium Flexibility |
Contains rules for users that require some flexibility, such as sales engineers:
|
Low Flexibility |
Contains rules for users that don't require much flexibility, such as helpdesk operators:
|
Administrators |
Provides visibility on the Administrator accounts in use. Contains general rules to:
|
SYSTEM | Protects the Restricted System Functions application group against potentially malicious behaviour by a user who can perform elevated PowerShell commands. |
![Closed](../../../Skins/Default/Stylesheets/Images/transparent.gif)
Application Groups prefixed with (Default) or (Recommended) are hidden by default and do not need to be altered.
Name | Description |
---|---|
Add Admin - General (Business Apps) (Windows) Authorize - All Users (Business Apps) (macOS) |
Contains applications that are approved for elevation for all users, regardless of their flexibility level. |
Add Admin - General (Windows Functions) Authorize - All Users (macOS Functions) |
Contains operating system functions that are approved for elevation for all users. |
Add Admin - High Flexibility (Windows) Authorize - High Flexibility (macOS) |
Contains the applications that require admin rights that should only be provided to the high flexibility users. |
Add Admin - Low Flexibility | Contains the applications that require admin rights that should only be provided to the low flexibility users. |
Add Admin - Medium Flexibility Authorize - Medium Flexibility (macOS) |
Contains the applications that require admin rights that should only be provided to the medium flexibility users. |
Add Admin - Protected Operations | |
Passive - High Flexibility (Business Apps) | Contains applications that are allowed for High Flexibility users without providing admin authorization. |
Passive - Medium Business Apps | Contains applications that are allowed for Medium Flexibility users without providing admin authorization. |
Passive - Low Flexibility (Business Apps) | Contains applications that are allowed for Low Flexibility users without providing admin authorization. |
Block - Blocklisted Apps | Contains applications that are blocked for all users. |
Passive - All Users Functions & Apps | Contains trusted applications, tasks and scripts that should execute as a standard user. |
(Default) Any Application | Contains all application types and is used as a catch-all for unknown applications. |
(Default) Any Trusted & Signed UAC Prompt (Windows) (Default) Any Trusted & Signed Authorization Prompt (macOS) |
Contains signed (trusted ownership) application types that request admin rights or authorization. |
(Default) Any UAC Prompt (Windows) (Default) Any Authorization Prompt (macOS) |
Contains application types that request admin rights or authorization. |
(Default) Any Sudo Command (macOS) | Contains all sudo commands and is used as a catch-all for unknown sudo commands. |
(Default) Endpoint Privilege Management Tools | Provides access to a BeyondTrust executable that collects Endpoint Privilege Management troubleshooting information. |
(Default) Child Processes of TraceConfig.exe | |
(Default) Signed UAC Prompt (Windows) (Default) Any Signed Authorization Prompt (macOS) |
Contains signed (trusted ownership) application types that request admin rights or authorization. |
(Default) Software Deployment Tool Installs | Contains applications that can be installed by deployment tools such as System Center Configuration Manager (SCCM). |
(Default) Authorize - System Trusted | Contains operating system functions that are authorized for all users. |
(Default) Passive - System Trusted | Contains system applications that are allowed for all users. |
(Recommended) Restricted Functions | Contains OS applications and consoles that are used for system administration and trigger UAC/authorization when they are executed. |
(Recommended) Restricted Functions (On Demand) | Contains OS applications and consoles that are used for system administration. |
(Default) Trusted Parent Processes | Trusted processes for reference in parent-rules. |
![Closed](../../../Skins/Default/Stylesheets/Images/transparent.gif)
The following messages are created as part of the QuickStart policy and are used by Application Rules:
Name | Description |
---|---|
Allow Message (Authentication) | (Windows). Asks the user to provide a reason and enter their password before the application runs with admin rights. |
Allow Authorize (Authentication & Reason) | (macOS). Asks the user to enter their password and provide a reason before the application is authorized to run. |
Allow Message (Select Reason) | Asks the user to select a reason from a dropdown menu before the application runs with admin rights. |
Allow Message (Support Desk) | Presents the user with a challenge code and asks them to obtain authorization from the support desk. Support can either provide a response code or a designated, authorized user can enter their login details to approve the request. |
Allow Message (Yes / No) | Asks the user to confirm that they want to proceed to run an application with admin rights. |
Block Message | Warns the user that an application has been blocked. |
Block Notification | Notifies the user that an application has been blocked and submitted for analysis. |
Notification (Trusted) | Notifies the user that an application has been trusted. |