Content Rules

Content rules define the actions Privilege Management for Windows takes when content, such as a file, is launched by the user.

You need a Content Group before you can create a Content Rule.

For more information, please see Content Groups.

Insert a Content Rule

Click Content Rules to view, create, or modify the following for each Application Rule:

Option Description
Target Content Group

Select from the Content Groups list.


Select from Allow Modification or Block Access. This is what happens if the user tries to access the content.
End User Message Select if a message is displayed to the user when they try to access the content. We recommend using messages if you're blocking content from being accessed, so the end user has some feedback.
Access Token

Select the type of token to pass to the target Application Group. You can select from:

  • Passive (no change): Doesn't make any change to the user's token. This is essentially an audit feature.
  • Enforce User's default rights: Removes all rights and uses the user's default token. Windows UAC always attempts to add administration rights to the token being used, so if the user clicks on an application that triggers UAC, the user cannot progress past the UAC prompt.
  • Drop Admin Rights: Removes administration rights from the user's token.
  • Add Admin Right: Adds administration rights to the user's token.
Raise an Event Whether or not you want an event to be raised if this content rule is triggered. This forwards to the local event log file.
Run an Audit Script You can choose to run an audit script if required.

McAfee ePO Reporting Options

This option is only available if you checked the McAfee integration box when you installed the Privilege Management Policy Editor.

ePO Queries and Reports Select this option to raise an ePO threat event. These are separate from Privilege Management reporting events.
BeyondTrust Privilege Management Reporting (in ePO) Select this option to raise a Privilege Management reporting event. These are available in BeyondTrust Privilege Management Reporting.

For more information, please see the following: