
Application Control for Windows

Not every user in an organization requires the same level of access to the Programs in Windows. It is advisable to grant Users the minimum access they need, to prevent accidental or intentional misuse. Sectona PAM allows you to define such permissions through its Server Access Policy, wherein you can restrict or allow access to certain Programs for specific User Groups. You can choose these Programs from the existing library or add a new Program to the Program Repository.

This chapter will consist of the following:

Before you begin

  • You have installed the Server Control component on the target device.
  • The Sectona Windows Monitoring Service is in a running state.
  • The User Group you wish to allow/deny access to already exists.

Supported Access Types for Windows to enable

Building server access policy

  • Navigate to Policies in the navigation bar. 
  • Select the Server Access Policy from the sidebar. 
  • Click on the Windows tab.
  • Click on the +Add Server Access Policy button.
  • Fill in the essentials (Policy details, User Groups, and Parameters) in the form that appears.
  • Policy Details: You need to enter the policy details you wish to create.
    • Policy Name: Provide the name of the policy you want to create.
    • Description: Enter a short description of the policy.
    • Policy Type: Select whether you want to allow or deny permissions.
    • Expiry: Set the expiry date of the policy.
  • User Groups: In the Enforced to User Group(s), specify the User groups on which you want to apply the server policies. In the Exception User(s), mention the Users who will be exempted from the server access policy. Click on Next  
  • Parameters: In this tab, select the programs to which you want to allow or deny access. The Confirm option means authorized users will be asked to confirm their choice when they try to access the program(s) (set as a Parameter in the policy). The Elevate option will allow the user to elevate the access level. Click on Next.

The Allow permission allows only the selected applications and restricts the rest. The Deny permission denies all the selected applications and enables the rest. The Confirm and Elevate options will appear only if the Policy Type is set as 'Allow' in the Policy details. You can select either of the Confirm and Elevate options, both of them, or neither.

  • Summary: It displays a summary of your policy based on the input provided in the last three sections.
  • Click on the "Finish" button.

Defining application control

By default, there exists a list of stored Programs for the ease of the user. To add a new Program to the Program Repository:

  • Navigate to the "Policies" option in the navigation bar. 
  • Select the "Server Access Policy" from the sidebar. 
  • Click on the Windows tab.
  • Click on the "+Program Repository" button.
  • A page will appear with a "+ Add Program" button.
  • Click on that and fill in the essentials for creating your new command.
    • Risk category: This describes the various risk types that might occur while running the server access policy commands.
      • Unusual user activity: If the user behavior in the system performing activities is unusual.
      • User activity: If certain user activity is bringing about a risk.
      • Unusual account activity: If the account activities in the system are unusual.
      • Data theft and exfiltration: Accessing unauthorized data and retrieving it from a system or server.
      • Privilege account abuse: When a privileged user ignores the policies, or malicious activity occurs through an unauthorized user's access.
      • Accountability risk: Someone is responsible for stealing the data from the system or server.
      • Identity theft: Someone pretends to be someone else to get access.
      • General: Some misbehavior of the activities due to the user performing them wrongly.
      • Leapfrogging: Adapting directly to the user and system activities to secure data access.
    • Name: Specify the name you want to provide.
    • Path: Specify the path of the application in the system.
    • Exe Name: Provide the name with its specific extension.
    • Process Name: Provide the name of the process for the app.
    • Primary Title: Provide a title you want to use.
    • Secondary Title: Providing a second title is optional.
    • Version: Provide the version name (optional).
    • Publisher: Provide the name of the publisher.
    • Process Description: Specify the description of what the process will do.
    • Hash: Provide the app hash (optional).
    • Type: The command type may vary from the choice you made.
      • Administrative
      • Backup
      • Configuration
      • Remote access
  • Click on the "Save" button.
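The Program fields listed above can be read from the executable on the target device rather than typed by hand. The following PowerShell function is an added example, not part of Sectona's documentation or tooling; the mapping of file properties to form fields, the function name `Get-ProgramRepositoryFields`, and the default SHA256 algorithm are assumptions, since the page does not state which hash algorithm the Hash field expects.

```powershell
# Added example: collects candidate values for the Program Repository form.
# The property-to-field mapping below is an assumption, not Sectona's documented behaviour.
function Get-ProgramRepositoryFields {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$LiteralPath,

        # Assumption: the page does not name the hash algorithm, so it is selectable here.
        [ValidateSet('SHA256', 'SHA1', 'MD5')]
        [string]$Algorithm = 'SHA256'
    )
    process {
        $file = Get-Item -LiteralPath $LiteralPath -ErrorAction Stop
        $info = $file.VersionInfo
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

        # Prefer the signer name from a valid Authenticode signature; the
        # CompanyName resource string is self-declared and can be set by anyone.
        if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
            $publisher = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
            $source    = 'Authenticode signer'
        } else {
            $publisher = $info.CompanyName
            $source    = 'Version resource (unverified)'
        }

        [pscustomobject]@{
            Path               = $file.FullName       # full path to the binary
            Folder             = $file.DirectoryName  # use this if the form expects the directory only
            ExeName            = $file.Name           # file name with extension
            ProcessName        = $file.BaseName       # name as shown by Get-Process
            Version            = $info.ProductVersion
            Publisher          = $publisher
            PublisherSource    = $source
            SignatureStatus    = $sig.Status
            ProcessDescription = $info.FileDescription
            Hash               = (Get-FileHash -LiteralPath $file.FullName -Algorithm $Algorithm).Hash
        }
    }
}

# Usage: run on the target device against the program you intend to register.
Get-ProgramRepositoryFields -LiteralPath "$env:SystemRoot\System32\mmc.exe" | Format-List
```

A hash identifies one exact build of the binary, so a value recorded this way changes whenever the program is patched or upgraded.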

Editing a policy

  • Navigate to the "Policies" option in the navigation bar. 
  • Select the "Server Access Policy" from the sidebar. 
  • Click on the Windows tab.
  • As the new page opens, you will find the list of existing server access policies.
  • Click the policy name and make the necessary changes in the form that appears.
  • Click on the Update button, and your policy will be updated.

Editing a Program in the library

  • Navigate to the "Policies" option in the navigation bar. 
  • Select the "Server Access Policy" from the sidebar. 
  • Click on the Windows tab.
  • Click on the "+Program Repository" button. A list of existing Programs appears.
  • Click on the Program you want to modify and make the necessary changes.
  • Click the Update button, and your Program will be updated.

Deleting a policy

  • Navigate to "Policies" in the navigation bar. 
  • Select the "Server Access Policy" from the sidebar. 
  • Click on the Windows tab.
  • A list of existing server access policies for Windows appears.
  • Click the Delete icon in the last column. The policy will be deleted.

Deleting a Program from the library

  • Navigate to the "Policies" option in the navigation bar. 
  • Select the "Server Access Policy" from the sidebar. 
  • Click on the Windows tab. 
  • Click on the "+Program Repository" button, and a list of existing Programs appears.
  • Click on the Program you want to delete.
  • Click the Delete button to remove that particular program from the list.

Changes made in a policy during a session will be implemented only after restarting the session.
