swewatan Koy Ceres you Does
Key Concepts
‘There are a numberof key concepts hat wil help in maximizing your understanding
and usage othe EPM solu.
Action Definitions
‘tons define tne way = EPM adminstatr can create a policy. The possible
Sctons tal cen be esigned to poly ere Isted below.
‘Action eon Description
Blok ‘Agplton ent stowes orn, regres of nae oF OS
€_ Binion one enpont conor.
Book Pals are rated o rove! end-users fom runing
Endser Seperarce: This action haste srongeat pal on
‘end-ser, ot provers ham fom fuming speiieg
‘pletion incor use of lock Poses can ely
‘Stapend he ora-sers ell tw pero cetan sss
un ‘Aloe Ene-ser fo enact Appleatons normaly, bated on
Normaty GJ herOS acon ae No Aopteten tse rete.
EndsorExperence: This satng suse par for
fronting anus owas al toe paste pact
Enausor experaneoofrasng and naling Appeatons
oer cam res aria PAs Contr Parr ee Guay ConceptTat
Koy Ceres you Does
Ueraccoun Conal (UAC) eroa on
Ender Cxperence. Appears se unchad wi lato
Pvioges wratrar or ote Apleston reqs sation,
‘eleanor oacig at surg 8
{Ekin ley ar you eo ann
“Tre Elevate Acton ony aoe
Pt rua cde
‘Aopleatons on Ensusor Computars mating parcubr cia
Ses Sala veges, earns prego
“The EPM Agent analyzes Appleaton requirments and onl
hate rocesen hat teu asta pogo a
Sopleaton tha rat explen requ Adrinsieve
Prntepes wa un narra.
Endaser Seperence. Apert unctadin accordance
‘win be user context ed are el ovaon freciros
Poss sonaro: Updos fa es Applcaton whose voror
‘recognized au sted source trample, habe ACoa
Resiet
{ein eat Apteaton devas
‘Stout be pt sod a Pusha i
pt snot of econo dows fo
“tarp, hora Window) pong 302.
Dveges roresy soy cegrading he
Spor Sacra stabi
oer cam res cori PAs Contr Parr Ur Guay ConceptKoy Ceres you Does
Administrators
‘The fowing terms ae used for EPM uses:
EPM Sat Adminstrator
EPM Account Administator
In aelton, tho following trms ar used for OS Administrator us
Local Administrator user
Systom Administrator
Application Family Tree
‘Tha Appcaion Family Tae is a combined view of an aplication along wih other
apptcatons that share tha same source, and appleatons al were tale by the
Specie apolation,
Application Group
‘an Appleation Group is ase of applicatons that are manages together Trust
teva, Run Normaty, and Block actone can be asalgned fo Appheaton Groups, In
fdation tothe preasfined Agpleaton Groups, custom AoplcaLon Groups can be
‘ated, ether wih or witout an acon as.gned to them, af be assigned to an
‘Rdvanced Poly, wih ts own action deine
vary Apcton Group and Poy ia assigned «Pac Pty vel an
fora. Pay Prec athe odo prcacenes or Palio a tet
$e Alan tng Pky Pry coma rg
‘eptcatons: neath a stan Phy wi fe ahr sugned
Prone apptea
_Alower moro vahe of Poy Prony nceates a haha Prony
EPM Control Panel
cetera cam res. PAs Cot Pare er Guay Concept Papriser te conPrdic-OnoOlne
Koy Cerca bu Does
‘The EPM Conial Pane! allows Standard Users to perform some Administrative
Tasks andlor un specie Serpts wih adminisvaive pvloges. Te EPM Cantal
Panel appar on nase Compuitrs hen Polies with Elevate Acton are
{onto fr the Windows Administrative Tasks of "AdAtomowe Printer or Network
{Gonnectons, or fo the Serts attached to Poly.
Delegated Management
‘Tho EPH Serve suppots the Delegated Ranagement feature. This featur allows
you to eeale now usr roles ane customize administrative acces to various
Features of tha CPM Server, fering moro granular roles for eran =PM
‘minigvalors win your organcation
Inbox
‘The Inbox the automates colecton are, where Palcy Automation events rom
Enc-user Computers are capured and aggregated. Administators can use Inbox
for Applicaton story monconng purposes, es well as fr coating automated
Palais fer Unhanaled Applestans tha rive to he Insox.
EPM Server has two separate inboxes, ne for Privlage Management avents and
‘ane for Applicaton Conl events
Inbox Event Aggregation
In general terms, aggregation sth consolation of multiple events nto @ single
ne ters Inbox event aggregation assur on events Ihageed by the same
[Appation anda he ‘otal these events pear inh Inbox as 9 sng tne tom
Ain aggregated overt. Those aggregated events can then be expanded to anayee
the cals of each ndidual ever
‘The “Count of apgragatad events inthe Inbox represents the number of unique
vents tiggerea on Ena-iset Computers. Overtime, he coun may Inrease, When
few events are captured, or decrease, when od events become unused
‘Tho use of aggregation significantly ineseaos the CPM Administat'e awareness
steven trougn staightorvars readability ane managment of events
‘Raoregation quickly provises Adminstrator wth important sformaton about
Cormmen appleatons tends, suchas the mast popular Applian tat require
fsdminvabva nghi,orthe most common unapproved executed Applatons,
‘The aggregation by Appiation feature is avalable in both Prllge Management
and Appteaton Cantal inboxes. In aon, te Appleton Carve Inbox proves
the aggregation by package featur, which farther enkancos to sotiware's a >
provide Administrators wit a empl, ata glance overvew of Applcalors,
Raoregation by package only avaiable # you have Applicaton ConliconsedKoy Ceres you Does
Policies
Plies ar the fundamental management components that can be created and
‘onigurod to manage and aut aceoss te applications on end uso computer,
Policy Automation
Policy Automation sto automatic detection and colin of various wvents
tigger by unhansiodappicatons on ond usorcomputors. Those events nude
ire administrative rights, permission to rn, access
Rush Mode
Mode icon Description
Rush ___ Rush Made a eae pearly ues fat reat
owe Burposos han arable cated oy he ragoria cleo ho
‘Rush ae tation) beeen rata te Pay Alomaon aera
Seno elnbos, a6 wel as Paley usage vers, tol 30
‘ate 0 mute,
log Run noe cn eat naa se
oticconeteconnan|
Sets
A Sotisacolection (or st) of computers o be managed. Once a Seis created
land the EPM Set Admnisvaa’ogs nt the EPNY Saverio cownload the Agent
fhe dawloades Agent Is specfcay asaocated wih he Set. Ary computers Ne
‘Agents ntalod an wl bo a parc hat St
In gone, 2 company wi hve ont on Sot, Evers, Policies and customized
ontgurations are nok sarod Between Sele, AsSonal Sol re creat’ onl f
cer cam res Dara PU is Contr Parr Guay Conceptpier tec comPrdic-OnoOrlne
Koy Cerca you Does
tnare fa group of computers or users that nds to be managed saparately, such
fab. separate business unt.
Software Distributor
| Software Distributors a syste or product that provides ast of tool ana
resources that help create and manage packages and averisemens. These tools
breused for dtbuting software to chert resources win an enter. Exanpies
‘of Software Ostibutor ae Microsat SCOM and MeAloe PO Prodct Deployment
For aconal information, refer tothe Microsot TechNet article Sofware
Distbuton In Confguraton Maragor
Source
‘Source fail incaes the pon of oxgin rom which the le was acquies
‘rgnaton pans for applications are racked to inl the source othe
instalatn, sues as rm Ine wob, th cporata network. a removabl sorage
‘devion,a sofware stor, or some other source af usted on the oomputer
port the natalaton ofthe EPM Agent the soutesiseategorzed as "Old
epteaton
Trusted Sources
Using Trusted Sources, EPM allows system Adminstrator to group togetner
‘Appeals hat woul be elevated a rules based ona pertear st of ear,
forexample: Appations located in a specie Network Shae or stalled By @
‘ortedwotware stbution systom,
‘The concept of Trusted Sources is enhanced by @ power Iori Trust”
mecnaniem, Tis mechanism means thatthe handling as @Trustea Sour isnot
Imted'to the Appleton test arto he Applicaton neato, but lea
Incorporates Appleations installed by them, even f hese Aopications bear a
diferent dlgtl signature, For example: dainng Microsofts System Cent
‘Configuration Manager (SCCM) au’ Trusted Source means tat at Aplications
‘sirbutod by SCCM bo consierad ae Trusted Soureo,rogardose of thee
‘agial sgratr.
| tho Source information accompanies ale troughout ts entre fete, the
Petey mantaned oy Trusted Sourees can be applied rtaactvsly, For example,
‘Appin vust was created based on the Appleaton fl’ locaton or soures, such
2. datrouton sytem tnt wis appied oven fhe Hs vedo cole
For moc information, 898 Trusted sowrensKoy Ceres you Does
Unhandled Applications
‘An unhandled application san appeaton thats not speiiallytrstes or blocked
inthe organtzaton.n other words, tere fs no expel EPM poy apatied
Updater
‘too «program (ten part oa previously install Applicaton) that obtains and
instal updatos and patches fo existng software.
Updates are often a signfcan component, wich elpe making the existing
Sofware or system stale and secure by slaling updates suc as secunty
patenes, bug Pres, and virus defnions, E°M incades several precafined Updatars
Bnd allows spectying custom Updater.
Windows Access Tokens and Customized Tokens
‘An Access Token isan objact hat describas he securly context ofa processor
thread. The ormaton na token cludes the deny and prvleges othe user
‘eau associates wit thal processor thead. Wren a user lage, te sstom
‘ortes he users password by comparing kwh formation sired i a secarhy
{database Ite password is aihertcaed, be system produces an acooss token,
Every process execitod on vohalf of user has a sony of tis accoss token, [For
fistonalinformation referto/scsses Tokens]
In EPM, custom tokens enable setting a specif level privileges fo cortain
[Repeats and processes when a Poles creloa. eso cong, Sianard Users
fre alowed to actess Applications or Processes they otherwise woul ot have
feces fo, by replacing the ten aiached to that process In acon, wien a user
istogged on as an Adminisvato a Polcy can be erated to reduce the rights fora
spectic Applicaton
By default, several tokans are crested: Adminstato, Power User, and Standard
Uber EPM alo alows ereatg custom tokens,
[emtswewatan Koy Ceres you Does
oer cam res cra PAisir Cort Pare Guay Concept