Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-10951: How to create a windows application right from a running process

Authentication Service ,  

3 January,19 at 11:40 PM



Question: Is it possible to create a windows application right if the application is already running?

Answer: Yes. Please see the below steps for creating this application right. This is a much simpler method as the values will get automatically populated.



For this example, the services.msc console will be used. It will be demonstrated here how to create a Windows application right so that a non-administrative user can run the services.msc console with administrative rights.

1. Open Centrify Access Manager and expand Windows Right Definitions > Applications > Right-click and choose "New Windows Application"

2. Give the right a name, for example: 'Services Console' and a description that helps to remember what its to be used for.

3. Choose the "Match Criteria" tab and click the 'Add' button at the top right:

User-added image




4. Once the Definition Settings dialog opens, choose the "Import Process" button at the bottom:


User-added image




5. If the Services.msc console is already opened, the process should be seen in this list. Highlight it and choose OK:


User-added image





6. It will now be seen that the dialog is populated with the necessary information about the application, click OK when ready. 


User-added image





7. Don't forget to specify a privilege for the application right. Choose the 'Run As' tab and it can be specified to either have the application run under a certain user privilege or as the user with added privileges. In this example, we are running the application as an administrator.


User-added image


8. You can now add this application right to a role assignment so that users can run the services console (and stop/start services) without needing administrative rights or knowing the admin password. This method can also be used to create application rights for any other application.

 

Related Articles

 articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleHOWTO: Control privileged execution of applications across UNIX, Linux and Windows with Centrify articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out? article[HOWTO] Using a Multiplexed Account to Manage a Windows Scheduled Task articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-12215: How to silently install the Centrify Agent for Windows™ using Group Policies for MFA and Enrollment articleKB-6050: How to configure a group for automatic Kerberos Credentials for infinite renewal?