Custom Tokens

A token is assigned to an application to change the privileges associated with the activity permitted for that application. Create a custom token to manually configure group membership, privileges, and process access rights.

Custom tokens can be used with on-demand rules, application rules, and content rules. By design, custom tokens only work for allow rules.

Changing the properties of an access token is designed for more advanced configurations.

Here are some scenarios on customizing the properties of a token:

  • Run remote PowerShell commands and scripts with a custom token that removes the SeRemoteShutDown privilege. This prevents the commands and scripts from shutting down servers during core business hours, even if the command or script indicates to do so.
  • Create a custom token to run an application with custom privileges configured in the token. The user can run the application but with modified privileges as configured in the token.