This article describes how you can use empty managed applications to organize your security authorizations in PowerFuse. This is very useful if you’re sitting with quite a large Global Authorized Files list and you would like to break it up some. If you are maintaining several environments in one PowerFuse database, and you are utilizing both AppGuard and Read-Only Blanketing, it is very likely that you have probably authorized quite a few items by now. Chances are that you (or perhaps the guy before you)never really got into authorizing files and processes on application level. Here’s a related article on just that.
One way or another, you may now have a Global Authorized File list which is a mile long, and you would really like to clean it up.
The cleanup has actually been possible for a long time, as you have been able to stick configuration items to applications since the early 7.x days of PowerFuse. Back then the process was cumbersome because you manually had to recreate appguard authorizations on the apps. This basically meant a lot of copy and pasting, which wasn’t fun in the long run.
In PowerFuse 2010, we have the ability to move both security and configuration objects back and forth between the global/login areas and the managed applications. This makes it a snap to clean/break things up into more organized pieces. Here’s how we do it:
- In Composition | Applications | Managed Applications, create a new menu folder. Call it Hidden Apps or something similar.
- Create a new application there. Call it Placeholder, Win7 for example. The purpose of the app is to hold the security authorizations necessary for Windows7 to run without a hitch, even though being locked down by AppGuard. I chose to prefix the appname with the word Placeholder, so all such apps will be grouped together in the Application List view of the managed applications.
- Pick a nice icon for the placeholder app. The user will never see it, but you will in the console as PowerFuse 2010 now shows real icons instead of the oldschool Access Principal icons.
- Configure the application as hidden. On the Properties|Settings tab of the application, tick “Do not list in PowerHelp”, “Do not notify about running instances”, “Do not show in new applications” and “Hide application” as shown here on the right (click on the thumbnails to enlarge)
- Configure access control as necessary on the placeholder app, i.e. consider assigning the placeholder app to a zone which in this case describes Windows 7. Remember, don’t make things too complicated for yourself, just because you can. If you’re in doubt about the access control, just leave it to All Users.
Now your placeholder app is ready to rock. The next task is to move some of the existing Global Authorized Files into the placeholder apps.
- Start by going into Security | Global Authorized Files.
- Bef0re you do anything else, make sure the rules you want to move are currently not have any access control (zones, groups, etc) This is due to a small bug in 220.127.116.11 which has been confirmed.
- Mark one or more rules which you want to move to a placeholder application, then rightclick and select move.
- Pick the placeholder apps which you want to move the selected rules to.
- Repeat above steps 1-4 for every placeholder app you have.
Notes: Nobody says you have to have an empty global authorized file list. It’s a good place to store things that don’t really fit anywhere else which you want to keep a higher visibility on for one reason or another. Remember you can always view all rules across all placeholder applications by ticking the “Show all authorized files” box at the bottom of the Global Authorized files list. Then sort on the Application columb. Chech the result here on the right.
Per usual ‘Guru traidition, here is a buildingblock for PowerFuse which includes a set of placeholder applications to get you started. Note these are not exhaustively painstakenly tested so you may have to add a few rules yourself. Now knowing the method, this should be easy enough though.