Launch the Endpoint Privilege Management Policy Editor

The Endpoint Privilege Management Policy Editor is accessed as a snap-in to the Microsoft Management Console (MMC.exe).

From your administrator account, run MMC.exe. Type MMC into the Search Box from the Start Menu and press the Enter key.

We will now add Endpoint Privilege Management for Mac as a snap-in to the console.

  1. Select File from the menu bar and select Add/Remove Snap-in.
  2. Scroll down the list and select the Endpoint Privilege Management Settings snap-in. Click Add and then click OK.
  3. Optionally, select File > Save as and save a shortcut for the snap-in to the desktop as Endpoint Privilege Management.
  4. Select the Endpoint Privilege Management Settings node in the left-hand pane and select the operating system node to display the main screen in the details pane.

Navigate the Endpoint Privilege Management Policy Editor

An image of theEndpoint Privilege Management Policy Editor in Endpoint Privilege Management.

The left-hand pane containing the Endpoint Privilege Management Settings item is referred to as the tree pane. The folders beneath Endpoint Privilege Management Settings in the tree pane are referred to as nodes. The middle pane, which displays content relevant to the selected node, is referred to as the details pane.

 

If you expand the Endpoint Privilege Management Settings node, you will see three nodes:

  • Windows: Create Endpoint Privilege Management for Windows endpoints.
  • OS X: Create Endpoint Privilege Management for MacOS endpoints.
  • Licensing: Manage Endpoint Privilege Management licenses.

If you expand the OS X node you will see three nodes:

  • Workstyles: Assign privileges to applications.
  • Application Groups: Define logical groupings of applications.
  • Messages: Define end user messages.

Once a Workstyle has been created and selected in the tree pane, the Workstyle tabs will be displayed in the details pane.

Automatic Save

By default, the Endpoint Privilege Management Settings editor will automatically save any changes back to the appropriate GPO or local XML file if you are using the standalone console.

Automatic saving can be disabled, by deselecting the Auto Commit Settings menu option on the Endpoint Privilege Management Settings node, but is not recommended unless you have performance issues. If you deselect the Auto Commit Settings option, then you must select the Commit Settings menu option to manually save any changes back to the GPO. The Auto Commit Settings option is persisted to your user profile, so it will be set for all future editing of Endpoint Privilege Managementfor Mac settings.