How to execute an application with EPM Windows

  • 2 minute(s) read
Prev Next

This document provides a step-by-step guide on how to execute applications with EPM Windows. You’ll learn how to execute an application inside and outside of EPM Windows, and how the system works during the process.

The applications must first be identified by EPM Windows before it can be executed. Not all applications may be listed in the Execute menu of EPM. If an application is not on the list, you can drag its shortcut, runtime binary into it or click on the Refresh button to search for new applications.

Info

The accepted file extensions are: .exe, .lnk, .msc, and .msi.

Requirements

To execute applications with elevation, you must configure it through the Users can elevate applications global parameter or an access policy.

  • Configuring via the global parameter applies elevation to all applications.
  • Configuring via an access policy applies elevation only to the applications included in that specific policy.

Execute an application inside of EPM Windows

This section outlines how to execute an application inside of EPM Windows.

  1. Start EPM.
  2. Search for the application you intend to execute.
  3. To execute it, right-click on it, select Show more options and choose one of the options:
    • Execute: executes the application with the current user.
    • Execute as impersonated user: executes the application impersonating another user. The credential’s password isn’t required.
    • Execute as user (runas): executes the application as another user. The credential’s password must match the Windows’ user password.
    • Execute as user not elevated (runas): executes the application as another user but without elevation. The credentials’ username and password must match Windows’ user and password.
    • Execute network shared applications: executes applications shared over the network.
Info

Applications included in access policies that require either approval or justification will only be permitted to execute once the associated workflow has reached completion.

Execute an application outside of EPM Windows

This section outlines how to execute an application outside of EPM Windows.

EPM intercepts application executions that require an approval or justification workflow, according to the access policies defined by the administrator. More information in How to configure application access policies for EPM Windows.

When EPM intercepts an application that requires approval or justification, the system displays a message informing the user about the block, and the application remains blocked until the workflow is completed and access is granted. Executions initiated automatically by the operating system are not intercepted by EPM, but are logged for auditing purposes.

Info

If you try to run an application whose previous request was rejected, you’ll need to start a new approval or justification workflow to gain access.

  1. Search for the application you intend to execute.
  2. To execute it, you have two options:
    1. Right-click on it and choose Execute with EPM.
    2. Double-click it with the left mouse button.

The elevation used when executing outside of EPM Windows is Run with privileges. The application will be executed with full administrative privileges, provided that the parameter or access policy is configured correctly.

Attention

Validate that there are no GPOs applied or not applied on the workstation that could prevent the EPM Windows client from working correctly.