27.1 Application Settings

Configuration is done through application controls. An application control identifies one or more applications and assigns a behavior to the applications. The supported behaviors are: 1) block file execution, 2) block Internet access, and 3) no restrictions (allow execution and Internet access). The behavior controls all instances of the listed applications, regardless of location (fixed disk, removable storage device, CD/DVD, or network drive).

For example, assume that App1.exe, App2.exe, and App3.exe are instant message applications that you don’t want users to run. You could create an application control called Messaging Applications, assign the three applications to the control, and set the behavior to block execution of the applications.

Or, assume that App4.exe and App5.exe are media applications that access music and video from the Internet. You don’t want bandwidth consumed by these types of activities, so you create an application control called Internet Media Applications, assign the two applications to the control, and set the behavior to block Internet access.

Before applying any policy that blocks file execution or Internet access for an application, you should test the policy on a single workstation to ensure that no adverse or unexpected results occur. For example, blocking critical operating system applications can result in a non-functioning operating system. Or, blocking a Microsoft Office application results in repeated attempts to reinstall the application, which could affect system operation or performance.

The following table provides instructions for managing the policy’s application controls:

Task / Steps / Additional Details

Create a new application control

  1. Click Add > Create New.

  2. Fill in the following fields:

    Name: Specify a unique name for the control. The name must be different from the name of any other application control. For information about valid characters, see Naming Conventions in ZENworks Control Center.

    Description: This information is optional. You can provide text that helps identify the purpose, creator, or owner of the control.

    Default Behavior: Select one of the following behaviors:

    • No Execution: Blocks the application from executing. Blocks a non-executable file from opening.

    • No Internet Access: Blocks the application from accessing Internet content.

    • No Restrictions: Removes any restrictions (No Execution or No Internet Access) from the application. This enables you to override any restrictions for the application that might be inherited from another Application Control policy.

    Applications: Specify the applications or files to control. To do so, click New, type the name of the application or file, then click OK to add it to the list.

    You must specify the full name of the application or file. Partial names and wildcards are not supported. For example, to specify Notepad, you must enter notepad.exe, not just notepad.

    Do not specify a path. The control behavior is applied to all instances of the application regardless of location.

    Define Another Application Control: Select this option to create another application control after you finish with this one.

  3. Click OK to save the control.

    By default, the application control is enabled. If you do not want it enabled at this time, deselect the Enabled box. Disabling the application control leaves it in the policy but excludes it from being enforced when the policy is applied to a device.

The following applications cannot be blocked:

  • winlogon.exe

  • svchost.exe

  • taskmgr.exe

  • lsass.exe

  • wmiprvse.exe

  • services.exe

  • explorer.exe

  • smss.exe

  • dllhost.exe

  • csrss.exe

Copy an existing application control list from another policy

  1. Click Add > Copy Existing.

  2. Select the Application Control policies whose lists you want to copy.

  3. Click OK.

All application controls included in the selected policies are copied. If necessary, you can edit the copied controls after they are added to the list.

Import an application control from a policy export file

  1. Click Add > Import.

  2. Click the button.

  3. Click the Browse button to display the File Upload dialog box.

  4. Select the export file containing the application controls you want to import, then click Open.

  5. In the Select File dialog box, click OK.

  6. In the Import File dialog box, click OK to import the application controls to the list.

All application controls included in the export file are imported. If necessary, you can edit the imported controls after they are added to the list.

For information about exporting controls, see Export an application control.

Edit an application control

  1. Click the application control name.

  2. Modify the fields as desired.

  3. Click OK.

 

Rename an application control

  1. Select the check box next to the application control name, then click Edit > Rename.

  2. Modify the name as desired.

  3. Click OK.

 

Export an application control

  1. Select the check box next to the application control name.

    You can select multiple controls to export.

  2. Click Edit > Export.

  3. Save the file.

    The default name given to the file is sharedComponents.xml. You can change the name if desired. Do not change the .xml extension.

 

Delete an application control

  1. Select the check box next to the application control name, then click Delete.

  2. Click OK to confirm deletion of the control.
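
The entry rules under Create a new application control (full file name, no wildcards, no path, unique control name, and the list of applications that cannot be blocked) can be checked against a planned set of controls before it is typed into the console and piloted on a test workstation. The following is an added example, not part of the product or its documentation; the dictionary layout, the `check_entry` and `check_controls` names, and App6.exe are hypothetical, and it does not read the export file.

```python
import re

# Processes the page lists as applications that cannot be blocked.
UNBLOCKABLE = set("winlogon.exe svchost.exe taskmgr.exe lsass.exe wmiprvse.exe "
                  "services.exe explorer.exe smss.exe dllhost.exe csrss.exe".split())
BEHAVIORS = {"No Execution", "No Internet Access", "No Restrictions"}

def check_entry(entry, behavior):
    """Return the problems with one Applications entry under a behavior."""
    name, problems = entry.strip(), []
    if re.search(r"[\\/]", name) or re.match(r"[A-Za-z]:", name):
        problems.append("contains a path; enter the file name only")
    if re.search(r"[*?]", name):
        problems.append("wildcards are not supported")
    base = re.split(r"[\\/]", name)[-1]
    if "." not in base.strip("."):
        problems.append("no extension; looks like a partial name")
    # Assumptions: names compare case-insensitively, and both blocking
    # behaviors count as "blocked" for the protected processes.
    if behavior != "No Restrictions" and base.lower() in UNBLOCKABLE:
        problems.append("cannot be blocked")
    return problems

def check_controls(controls):
    """Check {name, behavior, applications} dicts (hypothetical layout)."""
    findings, seen = [], set()
    for control in controls:
        key = control["name"].strip().lower()  # assumption: case-insensitive
        if key in seen:
            findings.append((control["name"], None, "control name is not unique"))
        seen.add(key)
        if control["behavior"] not in BEHAVIORS:
            findings.append((control["name"], None, "unknown behavior"))
        for entry in control["applications"]:
            for problem in check_entry(entry, control["behavior"]):
                findings.append((control["name"], entry, problem))
    return findings

# Constructed sample: the page's two example controls plus a draft with mistakes.
PLANNED = [
    {"name": "Messaging Applications", "behavior": "No Execution",
     "applications": ["App1.exe", "App2.exe", "App3.exe"]},
    {"name": "Internet Media Applications", "behavior": "No Internet Access",
     "applications": ["App4.exe", "App5.exe"]},
    {"name": "Draft Control", "behavior": "No Execution",
     "applications": ["notepad", r"C:\Tools\App6.exe", "App*.exe", "Explorer.EXE"]},
]
for finding in check_controls(PLANNED):
    print(finding)
```

Each finding is a (control name, entry, problem) tuple; an empty result means the planned controls satisfy the entry rules stated on this page, not that the policy is safe to deploy without the single-workstation test.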