Directory and file control


This feature allows the administrator to register configurations that control permissions on Windows files and directories.

Configure directory control

  1. Access the Segura platform.

  2. Go to EPM ➔ Policies ➔ Windows ➔ Directory and File Control. In this menu, you can access the report of previously configured controls. These controls can be:

    • General rule: valid in all workstations where EPM is active and approved.
    • Segregation by workstation: the configuration will be valid only for the workstation defined in the form.
  3. To create a new control, click the (⁝) icon and choose the General rule or Segregation by workstation report action.

  4. In the displayed form, enter the name of the new control rule.

    Attention

    This registration does not allow regular expressions.

  5. Enter the full path of the file or directory.

  6. Also, choose if this control will be enabled or disabled.

  7. In the Allow or Deny field, select whether the permissions displayed in the Permission field will be granted to users.

    • Allow: users or groups will have permission.
    • Deny: users or groups will not have permission.
  8. In the Permission list, select the type of action you will allow.

    Attention

    • For all the permission rules, EPM alters the permissions set for all users and groups in this directory, except for "System," which retains its permissions.
    • We strongly advise against changing the permission rules in directories that affect the operating system, such as "C:\Windows", as it can affect the system's operation.

    • Read: permission only to view and list the files and subfiles/subdirectories.
    • Write: permission to edit or add the file/directory in a directory.
    • Read & Execute: permission to view, execute and access the files/directory.
    • List folder contents: permission to view, read, and execute directory contents.
  9. List folder contents: permission to view, read, and execute the contents of the directory.

    Attention

    Only directories have the “List folder contents” permission. The permission will be denied if applied to a file.

    • Modify: permission to read and write the file/directory.
    • Full Control: permission for all the actions listed above.
  10. Click Add to add the permission to the control.

    • The form will display a Workstation tab if you have chosen the Segregation by workstation control option.
    • When accessing this tab, click the (+) icon and select the workstations that will be part of this configuration from the list.
    • Click Add.
  11. Finally, click Save.

To verify the control, access the workstation where it was configured and try to perform the allowed or denied actions.
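The workstation check can also be done by reading the resulting ACL directly. The PowerShell script below is an added example, not part of the Segura product or its documentation. The path, identity and rule values are constructed samples. The mapping from the form's permission names to .NET FileSystemRights values is an assumption about how the rule appears in the ACL.

```powershell
# Added example: audit the ACL that results from a Directory and File Control rule.
# $Path, $Identity, $Type and $Permission are constructed samples; use the rule's own values.
param(
    [string]$Path       = 'C:\Data\Finance',   # constructed sample path
    [string]$Identity   = 'BUILTIN\Users',     # constructed sample user or group
    [ValidateSet('Allow', 'Deny')]
    [string]$Type       = 'Deny',
    [ValidateSet('Read', 'Write', 'Read & Execute', 'List folder contents', 'Modify', 'Full Control')]
    [string]$Permission = 'Write'
)

# Assumed mapping from the form's permission names to .NET FileSystemRights.
$map = @{
    'Read'                 = 'Read'
    'Write'                = 'Write'
    'Read & Execute'       = 'ReadAndExecute'
    'List folder contents' = 'ReadAndExecute'  # Windows uses this name for folder-only ReadAndExecute
    'Modify'               = 'Modify'
    'Full Control'         = 'FullControl'
}
$wanted = [System.Security.AccessControl.FileSystemRights]$map[$Permission]

$item = Get-Item -LiteralPath $Path -ErrorAction Stop
if ($Permission -eq 'List folder contents' -and -not $item.PSIsContainer) {
    Write-Warning "'$Path' is a file; 'List folder contents' applies only to directories."
}

$rules = (Get-Acl -LiteralPath $Path).Access
# Show every entry so unexpected identities or leftover rules are visible.
$rules | Sort-Object IdentityReference |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize

# Is there an entry of the expected type that covers all of the expected rights?
$match = $rules | Where-Object {
    $_.IdentityReference.Value -eq $Identity -and
    "$($_.AccessControlType)" -eq $Type -and
    ($_.FileSystemRights -band $wanted) -eq $wanted
}

# The page states that "System" retains its permissions (English account name assumed).
$system = $rules | Where-Object { $_.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM' }

[pscustomobject]@{
    Path          = $Path
    RuleFound     = [bool]$match
    SystemEntries = @($system).Count
}
```

A result with RuleFound false, or with SystemEntries at 0, means the ACL on the workstation does not match what the rule and the note about "System" describe, and the control should be reviewed in the platform.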

Remove the permission of a user

  1. Delete the configuration of the user.
  2. Add generic information like "adm" or "admin" that is valid.
  3. You can also choose to add the configuration again. In the Allow or Deny field, select Deny.