This article describes a simple way for you to create a windows application right based on the process that is already running for that application. This will simplify the process as you will not have to fill in the fields manually.
Question: Is it possible to create a windows application right if the application is already running?
Answer: Yes. Please see the below steps for creating this application right. This is a much simpler method as the values will get automatically populated.
For this example, the services.msc console will be used. It will be demonstrated here how to create a Windows application right so that a non-administrative user can run the services.msc console with administrative rights.
1. Open Centrify Access Manager and expand Windows Right Definitions > Applications > Right-click and choose "New Windows Application"
2. Give the right a name, for example: 'Services Console' and a description that helps to remember what its to be used for.
3. Choose the "Match Criteria" tab and click the 'Add' button at the top right:
4. Once the Definition Settings dialog opens, choose the "Import Process" button at the bottom:
5. If the Services.msc console is already opened, the process should be seen in this list. Highlight it and choose OK:
6. It will now be seen that the dialog is populated with the necessary information about the application, click OK when ready.
7. Don't forget to specify a privilege for the application right. Choose the 'Run As' tab and it can be specified to either have the application run under a certain user privilege or as the user with added privileges. In this example, we are running the application as an administrator.
8. You can now add this application right to a role assignment so that users can run the services console (and stop/start services) without needing administrative rights or knowing the admin password. This method can also be used to create application rights for any other application.