
Is there any way to create an application group with JIT notification only for applications that require elevation (target audience: standard user)?

Example scenario: If an end user launches PowerShell under admin context, then EPM should prompt them with a JIT notification.

 

You can create rules for applications that would trigger a UAC prompt.

I know you focused on PowerShell. I don’t see that being a need for a standard user, but the principles below could also work for PowerShell; it would require a shortcut that forces the UAC to trigger, or that you use the On-Demand Application Rule instead.


Let’s target the user download folder as a sample:

Create application rules for any EXE that triggers UAC and resides in the user download folder.
From here, create a request application rule that would apply a full admin token and raise a JIT request.

You could do the same for MSI files.

Maybe secure it additionally with a check for the certificate.

Similar to that.

 


Thanks Jensen. This is perfect, but is there a possibility to include EXEs launched from any of the folders, not restricted only to the downloads?


Plenty of options; my use of the downloads folder was just a sample. But you do not want rules that would cause a conflict with a “Trusted” location; that would cause you to create many requests.
In the same app group you can add UNC paths, custom local paths, external paths, etc., as long as you do not hit a rule that would have high priority.
 

