swewatan Koy Ceres you Does Key Concepts ‘There are a numberof key concepts hat wil help in maximizing your understanding and usage othe EPM solu. Action Definitions ‘tons define tne way = EPM adminstatr can create a policy. The possible Sctons tal cen be esigned to poly ere Isted below. ‘Action eon Description Blok ‘Agplton ent stowes orn, regres of nae oF OS €_ Binion one enpont conor. Book Pals are rated o rove! end-users fom runing Endser Seperarce: This action haste srongeat pal on ‘end-ser, ot provers ham fom fuming speiieg ‘pletion incor use of lock Poses can ely ‘Stapend he ora-sers ell tw pero cetan sss un ‘Aloe Ene-ser fo enact Appleatons normaly, bated on Normaty GJ herOS acon ae No Aopteten tse rete. EndsorExperence: This satng suse par for fronting anus owas al toe paste pact Enausor experaneoofrasng and naling Appeatons oer cam res aria PAs Contr Parr ee Guay ConceptTat Koy Ceres you Does Ueraccoun Conal (UAC) eroa on Ender Cxperence. Appears se unchad wi lato Pvioges wratrar or ote Apleston reqs sation, ‘eleanor oacig at surg 8 {Ekin ley ar you eo ann “Tre Elevate Acton ony aoe Pt rua cde ‘Aopleatons on Ensusor Computars mating parcubr cia Ses Sala veges, earns prego “The EPM Agent analyzes Appleaton requirments and onl hate rocesen hat teu asta pogo a Sopleaton tha rat explen requ Adrinsieve Prntepes wa un narra. Endaser Seperence. Apert unctadin accordance ‘win be user context ed are el ovaon freciros Poss sonaro: Updos fa es Applcaton whose voror ‘recognized au sted source trample, habe ACoa Resiet {ein eat Apteaton devas ‘Stout be pt sod a Pusha i pt snot of econo dows fo “tarp, hora Window) pong 302. Dveges roresy soy cegrading he Spor Sacra stabi oer cam res cori PAs Contr Parr Ur Guay ConceptKoy Ceres you Does Administrators ‘The fowing terms ae used for EPM uses: EPM Sat Adminstrator EPM Account Administator In aelton, tho following trms ar used for OS Administrator us Local Administrator user Systom Administrator Application Family Tree ‘Tha Appcaion Family Tae is a combined view of an aplication along wih other apptcatons that share tha same source, and appleatons al were tale by the Specie apolation, Application Group ‘an Appleation Group is ase of applicatons that are manages together Trust teva, Run Normaty, and Block actone can be asalgned fo Appheaton Groups, In fdation tothe preasfined Agpleaton Groups, custom AoplcaLon Groups can be ‘ated, ether wih or witout an acon as.gned to them, af be assigned to an ‘Rdvanced Poly, wih ts own action deine vary Apcton Group and Poy ia assigned «Pac Pty vel an fora. Pay Prec athe odo prcacenes or Palio a tet $e Alan tng Pky Pry coma rg ‘eptcatons: neath a stan Phy wi fe ahr sugned Prone apptea _Alower moro vahe of Poy Prony nceates a haha Prony EPM Control Panel cetera cam res. PAs Cot Pare er Guay Concept Papriser te conPrdic-OnoOlne Koy Cerca bu Does ‘The EPM Conial Pane! allows Standard Users to perform some Administrative Tasks andlor un specie Serpts wih adminisvaive pvloges. Te EPM Cantal Panel appar on nase Compuitrs hen Polies with Elevate Acton are {onto fr the Windows Administrative Tasks of "AdAtomowe Printer or Network {Gonnectons, or fo the Serts attached to Poly. Delegated Management ‘Tho EPH Serve suppots the Delegated Ranagement feature. This featur allows you to eeale now usr roles ane customize administrative acces to various Features of tha CPM Server, fering moro granular roles for eran =PM ‘minigvalors win your organcation Inbox ‘The Inbox the automates colecton are, where Palcy Automation events rom Enc-user Computers are capured and aggregated. Administators can use Inbox for Applicaton story monconng purposes, es well as fr coating automated Palais fer Unhanaled Applestans tha rive to he Insox. EPM Server has two separate inboxes, ne for Privlage Management avents and ‘ane for Applicaton Conl events Inbox Event Aggregation In general terms, aggregation sth consolation of multiple events nto @ single ne ters Inbox event aggregation assur on events Ihageed by the same [Appation anda he ‘otal these events pear inh Inbox as 9 sng tne tom Ain aggregated overt. Those aggregated events can then be expanded to anayee the cals of each ndidual ever ‘The “Count of apgragatad events inthe Inbox represents the number of unique vents tiggerea on Ena-iset Computers. Overtime, he coun may Inrease, When few events are captured, or decrease, when od events become unused ‘Tho use of aggregation significantly ineseaos the CPM Administat'e awareness steven trougn staightorvars readability ane managment of events ‘Raoregation quickly provises Adminstrator wth important sformaton about Cormmen appleatons tends, suchas the mast popular Applian tat require fsdminvabva nghi,orthe most common unapproved executed Applatons, ‘The aggregation by Appiation feature is avalable in both Prllge Management and Appteaton Cantal inboxes. In aon, te Appleton Carve Inbox proves the aggregation by package featur, which farther enkancos to sotiware's a > provide Administrators wit a empl, ata glance overvew of Applcalors, Raoregation by package only avaiable # you have Applicaton ConliconsedKoy Ceres you Does Policies Plies ar the fundamental management components that can be created and ‘onigurod to manage and aut aceoss te applications on end uso computer, Policy Automation Policy Automation sto automatic detection and colin of various wvents tigger by unhansiodappicatons on ond usorcomputors. Those events nude ire administrative rights, permission to rn, access Rush Mode Mode icon Description Rush ___ Rush Made a eae pearly ues fat reat owe Burposos han arable cated oy he ragoria cleo ho ‘Rush ae tation) beeen rata te Pay Alomaon aera Seno elnbos, a6 wel as Paley usage vers, tol 30 ‘ate 0 mute, log Run noe cn eat naa se oticconeteconnan| Sets A Sotisacolection (or st) of computers o be managed. Once a Seis created land the EPM Set Admnisvaa’ogs nt the EPNY Saverio cownload the Agent fhe dawloades Agent Is specfcay asaocated wih he Set. Ary computers Ne ‘Agents ntalod an wl bo a parc hat St In gone, 2 company wi hve ont on Sot, Evers, Policies and customized ontgurations are nok sarod Between Sele, AsSonal Sol re creat’ onl f cer cam res Dara PU is Contr Parr Guay Conceptpier tec comPrdic-OnoOrlne Koy Cerca you Does tnare fa group of computers or users that nds to be managed saparately, such fab. separate business unt. Software Distributor | Software Distributors a syste or product that provides ast of tool ana resources that help create and manage packages and averisemens. These tools breused for dtbuting software to chert resources win an enter. Exanpies ‘of Software Ostibutor ae Microsat SCOM and MeAloe PO Prodct Deployment For aconal information, refer tothe Microsot TechNet article Sofware Distbuton In Confguraton Maragor Source ‘Source fail incaes the pon of oxgin rom which the le was acquies ‘rgnaton pans for applications are racked to inl the source othe instalatn, sues as rm Ine wob, th cporata network. a removabl sorage ‘devion,a sofware stor, or some other source af usted on the oomputer port the natalaton ofthe EPM Agent the soutesiseategorzed as "Old epteaton Trusted Sources Using Trusted Sources, EPM allows system Adminstrator to group togetner ‘Appeals hat woul be elevated a rules based ona pertear st of ear, forexample: Appations located in a specie Network Shae or stalled By @ ‘ortedwotware stbution systom, ‘The concept of Trusted Sources is enhanced by @ power Iori Trust” mecnaniem, Tis mechanism means thatthe handling as @Trustea Sour isnot Imted'to the Appleton test arto he Applicaton neato, but lea Incorporates Appleations installed by them, even f hese Aopications bear a diferent dlgtl signature, For example: dainng Microsofts System Cent ‘Configuration Manager (SCCM) au’ Trusted Source means tat at Aplications ‘sirbutod by SCCM bo consierad ae Trusted Soureo,rogardose of thee ‘agial sgratr. | tho Source information accompanies ale troughout ts entre fete, the Petey mantaned oy Trusted Sourees can be applied rtaactvsly, For example, ‘Appin vust was created based on the Appleaton fl’ locaton or soures, such 2. datrouton sytem tnt wis appied oven fhe Hs vedo cole For moc information, 898 Trusted sowrensKoy Ceres you Does Unhandled Applications ‘An unhandled application san appeaton thats not speiiallytrstes or blocked inthe organtzaton.n other words, tere fs no expel EPM poy apatied Updater ‘too «program (ten part oa previously install Applicaton) that obtains and instal updatos and patches fo existng software. Updates are often a signfcan component, wich elpe making the existing Sofware or system stale and secure by slaling updates suc as secunty patenes, bug Pres, and virus defnions, E°M incades several precafined Updatars Bnd allows spectying custom Updater. Windows Access Tokens and Customized Tokens ‘An Access Token isan objact hat describas he securly context ofa processor thread. The ormaton na token cludes the deny and prvleges othe user ‘eau associates wit thal processor thead. Wren a user lage, te sstom ‘ortes he users password by comparing kwh formation sired i a secarhy {database Ite password is aihertcaed, be system produces an acooss token, Every process execitod on vohalf of user has a sony of tis accoss token, [For fistonalinformation referto/scsses Tokens] In EPM, custom tokens enable setting a specif level privileges fo cortain [Repeats and processes when a Poles creloa. eso cong, Sianard Users fre alowed to actess Applications or Processes they otherwise woul ot have feces fo, by replacing the ten aiached to that process In acon, wien a user istogged on as an Adminisvato a Polcy can be erated to reduce the rights fora spectic Applicaton By default, several tokans are crested: Adminstato, Power User, and Standard Uber EPM alo alows ereatg custom tokens, [emtswewatan Koy Ceres you Does oer cam res cra PAisir Cort Pare Guay Concept