Workstyles

Privilege Management for Mac Workstyles are used to assign Application Groups for a specific user or group of users. The Workstyle Wizard can generate Application Rules depending on the type of Workstyle you choose.

For more information, please see the following sections:

Workstyle Wizard

The Workstyle Wizard guides you through the process of creating a Privilege Management for Mac Workstyle. The options you select determine the function of the Workstyle.

  1. Navigate to the OS X > Workstyles node.
  2. Right-click the Workstyles node, and then click Create Workstyle on the top-right. The Workstyle Wizard is displayed.
  3. You can optionally enter a license code at this stage or you can enter it later once the Workstyle has been created.
  4. You can choose from Controlling or Blank for your Workstyle. A controlling Workstyle allows you to apply rules for access to privileges and applications. A blank Workstyle allows you to create an empty Workstyle without any predefined elements. If you selected a blank Workstyle, the next screen is Finish as there is nothing to configure.
  5. Filtering (Controlling Workstyle only). This determines who will receive this Workstyle. You can choose from Standard users only or everyone. If you apply it to everyone, it will apply to Administrators. You can modify the filters and apply more detailed filtering once the Workstyle has been created.
  6. Capabilities (Controlling Workstyle only). Allows you to choose Privilege Management, Application Control, or both. If you don't select either capabilities, the next screen is Finish. This Workstyle would only contain filtering information.
  7. Privilege Management (Controlling Workstyle with the Privilege Management capability). Allows you to choose how you manage Authorization prompts including sudo control and Installer privileges.

If you select Present users with a challenge code from the dropdown, you are prompted to configure the challenge and response functionality at the end of creating your Workstyle, if your policy doesn't already have one.

  1. Application Control (Controlling Workstyle with the Application Control capability). Allows you to choose:
    • How you want to apply application control. You can choose from an allowlist or blocklist approach. We recommend you use an allowlist approach.
      • As an allowlist: How you want to handle non-allowed applications.
      • As a blocklist: How you want to handle blocked applications.
  2. Finish. Allows you to enter a Name and Description for your new policy. If the Workstyle has been configured to use a Challenge / Response message and the policy doesn't have an existing key, you will be asked to set a key. You can check the box on this screen to activate this Workstyle immediately or you can clear the box to continue configuring the Workstyle before you apply it to your endpoints.

Depending on the type of Workstyle you created and any capabilities that have been included, Privilege Management for Mac will auto-generate certain Application Groups (containing rules) and Messages. Filters are applied and subsequently configured as part of the Workstyle.

For more information, please see the following sections: