Application Groups

Application Groups are used to define logical groupings of applications.

Application Groups are assigned to Workstyles, so you must define Application Groups for all of the applications you want to assign to a Workstyle.

Create an Application Group

To create an Application Group:

  1. Log in to ePO Policy Orchestrator and click Policy Catalog.
  2. Navigate to the BeyondTrustPrivilege Management for Windows policy you want to edit.
  3. On the left tree menu, under the Windows branch, click on Application Groups, and then click Actions > Add.
  4. Enter a name and a description (if required) for the new Application Group.
  5. Check the Hidden box to hide the Application Group.
  6. Click OK.

After you change the policy, click Submit and then Save to save the policy. In ePO 5.10 and later, if you have Trellix Approvals workflow enabled, this workflow can be modified to change the Save button to Submit for Review based on user permissions.

For more information, please see Show Hidden Groups in Privilege Management.

View or Edit the Properties of an Application Group

Each Application Group has a name, an optional description, and can be hidden from the policy navigation tree. You can edit these in the properties for the Application Group.

To view the properties of an Application Group:

  1. Log in to ePO Policy Orchestrator and click Policy Catalog.
  2. Navigate to the BeyondTrust Privilege Management for Windows policy which contains the Application Group you want to view or edit.
  3. Check the box next to the Application Group you want to view the properties for.
  4. Click Actions > Properties to view the properties.
  5. Make any changes you require and click OK to save the new properties.

Delete an Application Group

Application Groups are usually mapped to one or more Application Rule in a Workstyle. If you attempt to delete an Application Rule that is mapped to an Application Group, you are notified of this before you continue. If you continue to delete the Application Group, the associated Application Rule in the Workstyle is also deleted.

To delete an Application Group:

  1. Log in to ePO Policy Orchestrator and click Policy Catalog.
  2. Navigate to the BeyondTrust Privilege Management for Windows policy that contains the Application Group you want to delete.
  3. Check the box adjacent to the Application Group you want to delete.
  4. Click Actions > Delete. If there aren't any Application Rules in the Workstyle using that Application Group, then it is deleted. If there are Application Rules in the Workstyle that are referencing that Application Group, then you are prompted to check the reference before you continue. If you click OK then both the Application Group and the Application Rule that references it are deleted from your policy. If you don't want to do this, click Cancel.

Duplicate an Application Group

You can duplicate an Application Group if you need a new Application Group that contains the same applications as an existing Application Group. You can edit a duplicated Application Group independently of the Application Group it was duplicated from.

To duplicate a Application Group:

  1. Log in to ePO Policy Orchestrator and click on Policy Catalog.
  2. Navigate to the BeyondTrustPrivilege Management for Windows policy that contains the Application Group you want to duplicate.
  3. Select the Application Group you want to duplicate.
  4. Under the Windows branch, click on Application Groups, then click Actions > Duplicate.

A new duplicate Application Group with an incremental number in brackets appended to the name is created. After creation, you can add applications to the Application Group.