When Implementing Appsense Environment Manager you are likely going to be using a Mandatory profile file.
The permissions for this file will need to be set-up to allow authenticated users read and Execute.
Its also a good practice to remove Administrators from the permissions (as they can tend to screw the file up)
An option to manage and ensure the permissions on the MAN file are set correctly is to use Appsense Environment Manager to set the permissions on the file. This can be as part of a Computer Startup Policy.
There are no built in NTFS permission controls options in appsense.
We can however simply perform an Execute Action on ICACLS.EXE or XCACLS.EXE and pass it the relevant parameters.
Example Syntax within the Environment manager console would be
ICACLS.EXE
FileName : %SystemRoot%\System32\icacls.exe
Working Directory : %SystemRoot%\System32
Parameters %man_profile% /inheritance:r /grant AppSense-svc:(OI)(CI)F SYSTEM:(OI)(CI)F "Authenticated Users:(OI)(CI)RX"
XCACLS.EXE
File Name : c:\support\xcacls.exe
Working Directory : C:\support
Parameters %man_profile% /P "Authenticated Users":RX Administrators:F AppSensesvc:F /Y /T
No comments:
Post a Comment