With EPM, you will manage users’ privileged access to executables and processes via policies within the EPM server interface.

Policies enable you to fine-tune exactly which processes users may elevate on an endpoint (i.e., run a process as administrator). You can set a policy as either Allow or Deny, and define each policy by one or more attributes (filepath and signer).

You can create policies one at a time manually, or use Learning Mode to automatically create 'Allow' policies based on user activity.

You may want to explicitly deny a process. A 'Deny' policy will always take precedence.

Policies are applied to groups of users at the AD user group level.

Individual end users will have an effective policy set based on their AD group membership.

After policy creation and hardening, members of groups will only be able to elevate processes defined by an 'Allow' policy for their group. Anything not defined by a policy will be denied by default.

Once satisfied with the policy set for a particular group of users, manage requests for additional policies through your internal processes.

You can add, review, edit, and delete policies anytime.

You can review elevations attempted via EPM in the “Elevations” page.
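The evaluation rules described above (Allow/Deny policies, AD-group scoping, Deny precedence, default deny), modeled as an added Python example; it is not EPM code or its API. The `Policy` class, the `decide` function, and the group names, paths and signer are constructed for illustration. The model assumes a policy matches only when every attribute set on it matches exactly, and that Deny precedence applies across all of a user's groups.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    group: str                       # AD user group the policy applies to
    action: str                      # "Allow" or "Deny"
    filepath: Optional[str] = None   # attribute: file path
    signer: Optional[str] = None     # attribute: signer

    def matches(self, filepath: str, signer: Optional[str]) -> bool:
        # Assumption: every attribute set on the policy must match exactly.
        if self.filepath is None and self.signer is None:
            return False             # a policy needs at least one attribute
        if self.filepath is not None and self.filepath.lower() != filepath.lower():
            return False
        if self.signer is not None and self.signer != signer:
            return False
        return True

def decide(policies, user_groups, filepath, signer=None):
    """Return (decision, reason) for one elevation attempt."""
    groups = {g.lower() for g in user_groups}
    # Effective policy set: policies of every group the user belongs to.
    hits = [p for p in policies
            if p.group.lower() in groups and p.matches(filepath, signer)]
    if any(p.action == "Deny" for p in hits):
        return ("Deny", "explicit Deny policy")
    if any(p.action == "Allow" for p in hits):
        return ("Allow", "matching Allow policy")
    return ("Deny", "no matching policy (default deny)")

# Constructed sample policy set
POLICIES = [
    Policy("Helpdesk", "Allow", filepath=r"C:\Tools\diag.exe"),
    Policy("Helpdesk", "Allow", signer="Example Software Ltd"),
    Policy("Contractors", "Deny", filepath=r"C:\Tools\diag.exe"),
]

if __name__ == "__main__":
    attempts = [
        (["Helpdesk"], r"C:\Tools\diag.exe", None),
        (["Helpdesk", "Contractors"], r"C:\Tools\diag.exe", None),
        (["Helpdesk"], r"C:\Temp\setup.exe", "Example Software Ltd"),
        (["Helpdesk"], r"C:\Temp\setup.exe", "Unknown Publisher"),
    ]
    for groups, path, signer in attempts:
        print(groups, path, signer, "->", decide(POLICIES, groups, path, signer))
```

In this model a signer-only 'Allow' policy permits elevation of any file from that signer regardless of path, which is worth checking for when reviewing policies created by Learning Mode.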