Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-10951: How to create a windows application right from a running process

Authentication Service ,  

3 January,19 at 11:40 PM

Question: Is it possible to create a windows application right if the application is already running?

Answer: Yes. Please see the below steps for creating this application right. This is a much simpler method as the values will get automatically populated.

For this example, the services.msc console will be used. It will be demonstrated here how to create a Windows application right so that a non-administrative user can run the services.msc console with administrative rights.

1. Open Centrify Access Manager and expand Windows Right Definitions > Applications > Right-click and choose "New Windows Application"

2. Give the right a name, for example: 'Services Console' and a description that helps to remember what its to be used for.

3. Choose the "Match Criteria" tab and click the 'Add' button at the top right:

User-added image

4. Once the Definition Settings dialog opens, choose the "Import Process" button at the bottom:

User-added image

5. If the Services.msc console is already opened, the process should be seen in this list. Highlight it and choose OK:

User-added image

6. It will now be seen that the dialog is populated with the necessary information about the application, click OK when ready. 

User-added image

7. Don't forget to specify a privilege for the application right. Choose the 'Run As' tab and it can be specified to either have the application run under a certain user privilege or as the user with added privileges. In this example, we are running the application as an administrator.

User-added image

8. You can now add this application right to a role assignment so that users can run the services console (and stop/start services) without needing administrative rights or knowing the admin password. This method can also be used to create application rights for any other application.