Endpoint Privilege Management for Windows Core Scripting Guide

A Power Rule lets you change the outcome of an Application Rule, based on the outcome of a PowerShell script.

Rather than a fixed Default rule that can be set to Allow, Elevate, Audit, or Block for the applications in the targeted Application Group, a Power Rule lets you determine your own outcome based on any scenario you can build into a PowerShell script.

Any existing Default rule in a Workstyle can be updated to a Power Rule by setting the Run a Rule Script option to a Power Rule script, and importing the PowerShell script you want to use. Endpoint Privilege Management provides a PowerShell module with an interface to collect information about the user, application, and policy. The module can then send a resulting action back to the Endpoint Privilege Management client to apply.

The Power Rules module also provides a variety of message options that allow you to collect additional information to support your PowerShell script logic and provide updates to the user as to the status, progress, or outcome of your rule. The supported messages include:

  • Authentication message
  • Business Justification message
  • Information message
  • Pass code message
  • Vaulted credential message
  • Asynchronous progress dialog for long-running tasks

Power Rules is a highly flexible feature with unlimited potential. If you can do it in PowerShell, you can do it in a Power Rule. Here are some example use cases for Power Rules:

  • Environmental Factors: Collect additional information about the application, user, computer, or network status to influence whether an application should be allowed to run, or run with elevated privileges.
  • Service Management: Automatically submit tickets to IT Service Management solutions, and determine the outcome of a service ticket.
  • File Reputation: Perform additional checks on an application by looking up the file hash in an application store, reputation service, or a vulnerability database.
  • Privileged Access Management: Check out credentials from a password safe or vault, and pass them back to Endpoint Privilege Management to run the application in that context.
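
The File Reputation use case above, shown as an added example (not BeyondTrust code and not part of the original guide): a function that maps a file's SHA-256 hash and Authenticode status to one of the four rule outcomes, failing closed when the file cannot be inspected. The function name, the `$Reputation` table, and its verdict strings are assumptions; handing the result back to the Endpoint Privilege Management client is done with the PRInterface cmdlets, which this example does not call.

```powershell
# Added example: decision logic only. The reputation table stands in for a
# lookup against a reputation service; its shape and verdict names are assumed.
function Get-FileReputationOutcome {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Hypothetical reputation data: SHA-256 hex string -> verdict.
        [Parameter(Mandatory)] [hashtable] $Reputation,
        # Outcome for files the reputation source has never seen.
        [ValidateSet('Allow', 'Elevate', 'Audit', 'Block')]
        [string] $UnknownOutcome = 'Audit'
    )
    try {
        $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction Stop
    }
    catch {
        # Fail closed: a file that cannot be hashed or inspected is never run.
        return 'Block'
    }
    if (-not $Reputation.ContainsKey($hash)) { return $UnknownOutcome }
    switch ($Reputation[$hash]) {
        'Malicious' { return 'Block' }
        'Trusted' {
            # Assumed policy: elevate only when the signature also validates;
            # a trusted hash without a valid signature runs unelevated.
            if ($sig.Status -eq 'Valid') { return 'Elevate' }
            return 'Allow'
        }
        default { return $UnknownOutcome }
    }
}

# Constructed sample input: mark the running PowerShell host as trusted.
$sample = (Get-Process -Id $PID).Path
$rep = @{ (Get-FileHash -LiteralPath $sample -Algorithm SHA256).Hash = 'Trusted' }
Get-FileReputationOutcome -Path $sample -Reputation $rep
```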

Power Rules are best used for exception handling and with static policy.

For a list of cmdlets available in the PRInterface PowerShell module, see PowerShell PRInterface Cmdlets.