Insert PowerShell Scripts

Privilege Management for Windows allows you to target specific PowerShell scripts and assign privileges to the script without granting local administration rights to the user. Scripts can also be blocked if they are not authorized or allowed.

  1. Select the Application Group you want to add the PowerShell script to.
  2. In the right pane, select Actions > Add Application > PowerShell Script.
  3. We recommend that you add a Description so that you can identify the PowerShell Script in the Application Group table. The Description is not used as matching criteria for the application definition.
  4. You need to configure the matching criteria for the PowerShell script. You can configure:
    • File or Folder Name matches
    • Command Line matches
    • Drive matches
    • File Hash (SHA-1 Fingerprint) matches
    • Publisher matches
    • Trusted Ownership matches
    • Parent Process matches
    • Source URL matches
    • BeyondTrust Zone Identifier exists
  5. You need to configure the Advanced Options for the application. You can configure:
    • Allow child processes will match this application definition
    • Force standard user rights on File Open/Save common dialogs
  6. Click OK. The PowerShell Script is added to the Application Group.

PowerShell scripts that contain only a single line are interpreted and matched as a PowerShell command, and do not match a PowerShell script definition. We recommend that PowerShell scripts contain at least two lines of commands to ensure that they are correctly matched as a PowerShell script. This cannot be achieved by adding a comment to the script.
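A pre-flight check for the single-line caveat above, which also collects the SHA-1 hash, signer and owner of a script for reference when filling in the matching criteria. This is an added example, not BeyondTrust code: the function name `Get-ScriptMatchReport` and the sample files are hypothetical, and it assumes a "line of commands" is any line holding at least one non-comment token, since the product's exact counting rule is not given here.

```powershell
# Added example, not BeyondTrust code. Assumption: a "line of commands" is a source
# line holding at least one token that is not a comment or a line break.
function Get-ScriptMatchReport {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Tokenize with the PowerShell parser so comments and blank lines never count.
    $tokens = $null; $parseErrors = $null
    [void][System.Management.Automation.Language.Parser]::ParseFile(
        $file.FullName, [ref]$tokens, [ref]$parseErrors)

    $skip = 'Comment', 'NewLine', 'LineContinuation', 'EndOfInput'
    $commandLines = @($tokens | Where-Object { $_.Kind -notin $skip } |
        ForEach-Object { $_.Extent.StartLineNumber } | Sort-Object -Unique)

    $signature = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $signer = if ($signature.SignerCertificate) { $signature.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path            = $file.FullName
        CommandLines    = $commandLines.Count
        SingleLineRisk  = $commandLines.Count -lt 2   # may be matched as a command, not a script
        ParseErrors     = $parseErrors.Count
        Sha1            = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1).Hash
        SignatureStatus = $signature.Status
        Signer          = $signer
        Owner           = (Get-Acl -LiteralPath $file.FullName).Owner
    }
}

# Constructed samples: one command padded with a comment, and a two-command script.
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'pmw-preflight'
New-Item -ItemType Directory -Path $tmp -Force | Out-Null
Set-Content -Path (Join-Path $tmp 'one.ps1') -Value '# a comment only pads the file', 'Get-Date'
Set-Content -Path (Join-Path $tmp 'two.ps1') -Value 'Get-Date', 'Get-Location'

Get-ChildItem -Path $tmp -Filter *.ps1 |
    ForEach-Object { Get-ScriptMatchReport -Path $_.FullName } |
    Format-Table Path, CommandLines, SingleLineRisk, Sha1
```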
