Use Windows Parameters with Power Rules

The Endpoint Privilege Management for Windows settings include a number of features for customizing the text and strings used in end user messaging and auditing. To include properties relating to the settings applied, the application being used, the user, or the installation of Endpoint Privilege Management for Windows, use parameters, which are replaced with the value of the variable at runtime.

A parameter is any string surrounded by square brackets ([ ]). When the Endpoint Privilege Management client detects one, it attempts to expand it. If expansion succeeds, the parameter is replaced with the expanded property. If it fails, the parameter remains part of the string. The table below shows a summary of all available parameters and where they are supported.

Parameter Description
[PG_ACTION] The action which the user performed from an end user message
[PG_AGENT_VERSION] The version of Endpoint Privilege Management for Windows
[PG_APP_DEF] The name of the Application Rule that matched the application
[PG_APP_GROUP] The name of the Application Group that contained a matching Application Rule
[PG_AUTH_METHODS] Lists the authentication and/or authorization methods used to allow the requested action to proceed
[PG_AUTH_USER_DOMAIN] The domain of the designated user who authorized the application
[PG_AUTH_USER_NAME] The account name of the designated user who authorized the application
[PG_COM_APPID] The APPID of the COM component being run
[PG_COM_CLSID] The CLSID of the COM component being run
[PG_COM_NAME] The name of the COM component being run
[PG_COMPUTER_DOMAIN] The name of the domain that the host computer is a member of
[PG_COMPUTER_NAME] The NetBIOS name of the host computer
[PG_CONTENT_DEF] The definition name of the matching content
[PG_CONTENT_FILE_DRIVE_TYPE] The drive type of the matching content
[PG_CONTENT_FILE_HASH] The SHA-1 hash of the matching content
[PG_CONTENT_FILE_IE_ZONE] The Internet Zone of the matching content
[PG_CONTENT_FILE_NAME] The file name of the matching content
[PG_CONTENT_FILE_OWNER] The owner of the matching content
[PG_CONTENT_FILE_PATH] The full path of the matching content
[PG_CONTENT_GROUP] The group name of a matching content definition
[PG_DOWNLOAD_URL] The full URL from which an application was downloaded
[PG_DOWNLOAD_URL_DOMAIN] The domain from which an application was downloaded
[PG_EVENT_TIME] The date and time that the policy matched
[PG_EXEC_TYPE] The type of execution method: Application Rule or shell rule
[PG_GPO_DISPLAY_NAME] The display name of the GPO (Group Policy Object)
[PG_GPO_NAME] The name of the GPO that contained the matching policy
[PG_GPO_VERSION] The version number of the GPO that contained the matching policy
[PG_IDP_AUTH_USER_NAME] The value given by the Identity Provider as the user who successfully authenticated to allow the requested action to proceed. Maps to the OIDC "email" scope.
[PG_MESSAGE_NAME] The name of the custom message that was applied
[PG_MSG_CHALLENGE] The 8-digit challenge code presented to the user
[PG_MSG_RESPONSE] The 8-digit response code entered by the user
[PG_POLICY_NAME] The name of the policy
[PG_PROG_CLASSID] The ClassID of the ActiveX control
[PG_PROG_CMD_LINE] The command line of the application being run
[PG_PROG_DRIVE_TYPE] The type of drive where the application is being executed
[PG_PROG_FILE_VERSION] The file version of the application being run
[PG_PROG_HASH] The SHA-1 hash of the application being run
[PG_PROG_HASH_SHA256] The SHA-256 hash of the application being run
[PG_PROG_NAME] The program name of the application
[PG_PROG_PARENT_NAME] The file name of the parent application
[PG_PROG_PARENT_PID] The process identifier of the parent of the application
[PG_PROG_PATH] The full path of the application file
[PG_PROG_PID] The process identifier of the application
[PG_PROG_PROD_VERSION] The product version of the application being run
[PG_PROG_PUBLISHER] The publisher of the application
[PG_PROG_TYPE] The type of application being run
[PG_PROG_URL] The URL of the ActiveX control
[PG_SERVICE_ACTION] The action performed on the matching service
[PG_SERVICE_DISPLAY_NAME] The display name of the Windows service
[PG_SERVICE_NAME] The name of the Windows service
[PG_STORE_PACKAGE_NAME] The package name of the Windows Store app
[PG_STORE_PUBLISHER] The package publisher of the Windows Store app
[PG_STORE_VERSION] The package version of the Windows Store app
[PG_TOKEN_NAME] The name of the built-in token or Custom Token that was applied
[PG_USER_DISPLAY_NAME] The display name of the user
[PG_USER_DOMAIN] The name of the domain that the user is a member of
[PG_USER_NAME] The account name of the user
[PG_USER_REASON] The reason entered by the user
[PG_USER_SID] The SID of the user
[PG_WORKSTYLE_NAME] The name of the Workstyle
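
Because a parameter that cannot be expanded stays in the string as literal text, a misspelled name in a message or audit template goes unnoticed until it shows up in output. The following is an added example, not BeyondTrust code: an offline Python model of the expansion rule described above that also checks a template against the table. The token pattern, case-sensitive matching, function names, sample values and template are assumptions made for illustration.

```python
import re

# Parameter names copied from the table above.
DOCUMENTED = frozenset("""
PG_ACTION PG_AGENT_VERSION PG_APP_DEF PG_APP_GROUP PG_AUTH_METHODS
PG_AUTH_USER_DOMAIN PG_AUTH_USER_NAME PG_COM_APPID PG_COM_CLSID PG_COM_NAME
PG_COMPUTER_DOMAIN PG_COMPUTER_NAME PG_CONTENT_DEF PG_CONTENT_FILE_DRIVE_TYPE
PG_CONTENT_FILE_HASH PG_CONTENT_FILE_IE_ZONE PG_CONTENT_FILE_NAME
PG_CONTENT_FILE_OWNER PG_CONTENT_FILE_PATH PG_CONTENT_GROUP PG_DOWNLOAD_URL
PG_DOWNLOAD_URL_DOMAIN PG_EVENT_TIME PG_EXEC_TYPE PG_GPO_DISPLAY_NAME
PG_GPO_NAME PG_GPO_VERSION PG_IDP_AUTH_USER_NAME PG_MESSAGE_NAME
PG_MSG_CHALLENGE PG_MSG_RESPONSE PG_POLICY_NAME PG_PROG_CLASSID
PG_PROG_CMD_LINE PG_PROG_DRIVE_TYPE PG_PROG_FILE_VERSION PG_PROG_HASH
PG_PROG_HASH_SHA256 PG_PROG_NAME PG_PROG_PARENT_NAME PG_PROG_PARENT_PID
PG_PROG_PATH PG_PROG_PID PG_PROG_PROD_VERSION PG_PROG_PUBLISHER PG_PROG_TYPE
PG_PROG_URL PG_SERVICE_ACTION PG_SERVICE_DISPLAY_NAME PG_SERVICE_NAME
PG_STORE_PACKAGE_NAME PG_STORE_PUBLISHER PG_STORE_VERSION PG_TOKEN_NAME
PG_USER_DISPLAY_NAME PG_USER_DOMAIN PG_USER_NAME PG_USER_REASON PG_USER_SID
PG_WORKSTYLE_NAME
""".split())

# Assumed token shape: any run of non-bracket characters inside [ ].
TOKEN = re.compile(r"\[([^\[\]]+)\]")

def expand(template, values):
    """Replace a bracketed parameter when a value is available; otherwise
    leave it in the string unchanged, as the page describes."""
    return TOKEN.sub(lambda m: str(values.get(m.group(1), m.group(0))), template)

def lint(template):
    """Return bracketed names missing from the documented table; these would
    remain in the message or audit string as literal text."""
    return [n for n in TOKEN.findall(template) if n not in DOCUMENTED]

# Constructed sample values and template (not taken from a real policy).
SAMPLE = {"PG_USER_NAME": "jdoe", "PG_PROG_NAME": "setup.exe",
          "PG_PROG_HASH_SHA256": "<sha256-placeholder>"}
TEMPLATE = ("[PG_USER_NAME] ran [PG_PROG_NAME] "
            "(sha256=[PG_PROG_HASH_SHA-256], reason=[PG_USER_REASON])")

if __name__ == "__main__":
    print(expand(TEMPLATE, SAMPLE))
    print("unknown parameters:", lint(TEMPLATE))
```

In the sample, the misspelled [PG_PROG_HASH_SHA-256] is reported by the check, while [PG_USER_REASON] is a documented name that stays literal only because the constructed values supply nothing for it.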