What are the Types of Application Supported in Securden Endpoint Privilege Manager
This guide classifies application types in Securden Endpoint Privilege Manager based on their practical use cases. Use this to determine which category to select when creating your elevation policies.
Standard Software & Installers
Most applications and their installers fall under this category. If you want to grant standard users permission to elevate an application or to install/uninstall applications, choose from these application types to define the file.
- Application (.exe)
  Use Case: The primary choice for standard Windows programs. Use this when you want to allow a specific software executable to run with administrative rights.
- Windows Installer (.msi)
  Use Case: Essential for software deployment and updates. Select this to allow users to install approved software packages using Windows Installer Service.
- Mac Executables / Applications (.app)
  Use Case: The macOS equivalent of an .exe. Use this to define and manage permissions for native Mac software that users interact with directly.
- Mac Installer (.pkg, .dmg)
  Use Case: Used for Apple software deployment. .pkg handles standard installations, while .dmg is used for mounting disk images containing app resources.
System Configuration & Administrative Tools
These application types can be used for defining applications and configuration tools that are used for IT troubleshooting and modifying system-level configurations and settings.
- Management Console (.msc)
  Use Case: Granting access to Windows administrative tools like services.msc or gpedit.msc without making the user a full local admin.
- Control Panel Items (.cpl)
  Use Case: Allowing access to specific system settings, such as "Add/Remove Programs" (Appwiz.cpl) or "Date/Time" (TimeDate.cpl).
- CLSID (Class Identifier)
  Use Case: Used for granular control over Windows components that don't have a direct file path, such as specific network adapter settings.
Task Automation & Scripting
Script files are used for running automated routines and administrative scripts. If you want to restrict which script files a user can run as admin or as a standard user, you must choose from these application types.
- Batch Files (.bat)
  Use Case: Automating a series of Windows command-line tasks in a specific sequence without manual user intervention.
- PowerShell Script (.ps1)
  Use Case: Executing advanced automation scripts within the PowerShell environment for complex system tasks.
- Mac Shell Script (.sh)
  Use Case: Automating terminal-based tasks and command sequences on macOS.
- VB Script (.vbs)
  Use Case: Supporting legacy web or system applications that require Visual Basic Scripting to function.
Command-Line & Advanced Unix Operations
You can add commands to the Securden EPM application repository. You can use these commands for filtering and control over SUDO commands by creating a suitable policy. Choose from these application types for precise control over terminal-based environments (Linux/Mac).
- Unix Commands
  Use Case: Allowing specific superuser/root actions (e.g., /usr/bin/apt-get) by defining the exact file path and optional parameters.
File and Folder-Level Controls
Securden provides application types for granting specific permissions on folders. Use these options if you want to grant permissions to read, write, edit, or delete files in a folder, to use copy and paste functions within a restricted folder, or to delete files from a folder.
- Folder with Executables
  Use Case: Blanket approval for a trusted directory. Allows all executables (like .exe, .msi, .bat) within a specific path to run with elevated rights.
- Folder Access
  Use Case: Full resource management. Use this to give standard users the ability to read, write, edit, and delete files in a restricted folder, as well as run them.
- Write to Folder
  Use Case: Specific "Paste" or "Create" actions. Useful when a user needs to move files into protected system directories without full elevation.
- File/Folder Deletion
  Use Case: Restricted cleanup. Allows users to delete items in protected folders where they usually lack permission, without granting broader administrative power.
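A 'Folder with Executables' entry approves everything in a path, so the folder's own ACL decides what can end up running with elevated rights. The PowerShell below is an added example, not Securden code or part of the product: it lists non-administrative principals that hold write access to the folder or its subfolders. The path C:\ApprovedApps and the function name Get-UntrustedWriter are assumptions made for illustration.

```powershell
# Added example: check that a folder approved as 'Folder with Executables'
# cannot be written to by non-administrative principals.
# 'C:\ApprovedApps' is a constructed placeholder path, not a Securden default.
param([string]$Path = 'C:\ApprovedApps')

# Well-known SIDs treated as trusted writers (locale-independent).
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-3-0',        # CREATOR OWNER (applies only to objects a principal can already create)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow adding, replacing or re-permissioning files, plus the
# raw GENERIC_ALL / GENERIC_WRITE bits that can appear on inherit-only ACEs.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask = [int]$writeRights -bor 0x10000000 -bor 0x40000000

function Get-UntrustedWriter {
    param([string]$Folder)
    $acl = Get-Acl -LiteralPath $Folder
    # Ask for SIDs rather than names so the trusted list matches on any locale.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        # Resolve the SID to a name for the report; keep the SID if it does not resolve.
        $name = $ace.IdentityReference.Value
        try { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value } catch { }
        [pscustomobject]@{
            Folder    = $Folder
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Check the folder itself and every subfolder beneath it.
$folders = @($Path) + @(Get-ChildItem -LiteralPath $Path -Directory -Recurse | ForEach-Object FullName)
$findings = foreach ($f in $folders) { Get-UntrustedWriter -Folder $f }

if ($findings) { $findings | Format-Table -AutoSize }
else { "No non-administrative write access found under $Path" }
```

Any row in the output is a principal that could place or replace an executable in the approved path; remove that access before the folder is used in an elevation or allowlist policy.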
Specialized Security & Web Components
You can add highly sensitive configuration files, certificates, and browser extensions to the application repository. Individual use cases are explained below.
- Securden Text Editor
  Use Case: Securely editing sensitive system configuration files (like the hosts file) without elevating a potentially vulnerable third-party text editor.
- Certificates
  Use Case: Authenticating trusted users and devices via digital signatures to verify the identity of servers and network resources.
  - Certificates can be used by websites, services, and network devices only if they are stored in the local device store.
  - Certificate files must be moved into a trusted root source for Active Directory authentication.
  These actions require admin rights.
- Browser Extensions
  Use Case: Controlling browser environments by allowlisting or blocklisting specific extensions to ensure security compliance.
Frequently Asked Questions
I want to allow users to install applications without giving admin rights. How do I achieve this?
You can add the setup/installer files to the Securden application repository. Once you have added them, navigate to the ‘Privileges’ section to create a control policy. When creating the policy, you can select the installer files, the users, and their devices. Once created, the policy will be enforced by the Securden Agent, and the users will be able to install the applications without becoming local administrators on their machine.
Users must be restricted from running any app other than the ones in a specific folder. How do you enforce such rules?
In Securden EPM, add the required folder to the application repository under the type ‘Folder with Executables’, specifying attributes such as the folder path to pinpoint the folder accurately. Create an ‘Allowlist’ policy from the ‘Privileges’ tab, associate the policy with the required users and their machines, and save the policy. The Securden Agent will enforce the Allowlist on associated endpoints.
Users will be able to run the apps added to the folder. All other apps will be blocked. If you need to allow users to run a new app, place the executable in the folder specified here.
How do I allow standard users to run Network Adapter Settings on their machine?
Add ncpa.cpl as an application in Securden EPM under the Control Panel Item application type. Then create a policy for the required user by navigating to the ‘Privileges’ section. Select ‘Elevate with Local Administrator Privileges’ as the privilege elevation preference. The Securden Agent will enforce the policy and allow the specified users to run ‘ncpa.cpl’ while they remain standard users.