This is the first installment in a series of posts about the new features and options in AppSense Version 8 Service Pack 2. (If you have not yet downloaded this latest release, you can read more info and download it from here )
AppSense Environment Manager 8.0 Service Pack 2 introduces a new option – Run As.
This emulates the Microsoft Run As command and allows actions to be executed in the context of another, specified user. For example launching an application in a different user context.
When selecting the Run As tab in an action you are presented with one, two or three options:
Current User: Available on all relevant User actions. This is the default selected method and runs the action in the context of the logged on user.
System: Available on all actions. This is the default method for Computer nodes and runs the action in the context of the System user.
User: Available on all relevant User actions. On selection of this option the administrator is prompted to select a friendly name to run as. If no friendly name exists, the Run As Library can be launched where friendly names, usernames and passwords can be stored for re‐use.
The friendly names are stored in the configuration in a reusable library section. Each friendly name is accompanied by the username and password. The password is encrypted using a one‐way public key. This prevents passwords from being reverse engineered.
During installation of the AppSense Environment Manager Agent, the private key is added to the machines key store. This is a write only store, i.e. it cannot be read.
When an action is run as a specified user the associated username and password are used to impersonate said user. AppSense Environment Manager uses a handle to the private key to decrypt the password at this point.
Note: The Run As specified user only impersonates that user. This means the user’s profile and registry hive are not loaded from the domain due to the associated overhead. This results in the environment variables for the action representing the System user and not the currently logged on user or specified user.
Note: This is both a very powerful and potentially dangerous function. Even though the password is encrypted, the username and password pair can be applied to any action and a malicious user may be able to alter the configuration to possibly bypass security. Therefore, this function must be used with extreme care.
P:S
As this is an ever growing blog topic, more posts on the other new features we have detailed can be found below:
NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As
NEW FEATURE No. 2 – AppSense Environment Manager 8.0 Service Pack 2 – Connect As
NEW FEATURE No. 5 – AppSense Environment Manager 8.0 Service Pack 2 – Run Once
NEW FEATURE No. 6 – AppSense Environment Manager 8.0 Service Pack 2 – Group SID Refresh
NEW FEATURE No. 8 – AppSense Environment Manager 8.0 Service Pack 2 – Stop If Fails
NEW FEATURE No. 10 – AppSense Environment Manager 8.0 Service Pack 2 – Refresh
NEW FEATURE No. 11 – AppSense Environment Manager 8.0 Service Pack 2 – Registry Hive Exclusions
AppSense 
[…] This service pack will improve the performance and provide greater flexibility and control options. It also contains many new features, of which I shall detail a new feature each day, the first of which can be found here. […]
[…] in functionality to the Run As option (see previous post), the Connect As option is only available from the Drive and Printers […]
[…] NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] Note: Registry Hive Exclusions currently only work when hiving out settings rather than hiving them in. This is the preferred method since it reduces the amount of required storage space on the network. P:S As this is an ever growing blog topic, the previous posts on the other new features we have detailed can be found below: NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] NEW FEATURE No. 9 – AppSense Environment Manager 8.0 Service Pack 2 – New Application Categories in the User Interface by 352admin 11. September 2009 05:04 This is the ninth installment in a series of posts about the new features and options in AppSense Version 8 Service Pack 2. (If you have not yet downloaded this latest release, you can read more info and download it from here ) AppSense Environment Manager 8.0 Service Pack 2 introduces new Application Categories in the User Interface to make it easier to identify applications added by the administrator, versus default applications created by AppSense Environment Manager at install time: P:S As this is an ever growing blog topic, the previous posts on the other new features we have detailed can be found below: NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] Note: Stop If Fails is not available from within either reusable nodes or reusable conditions. Copying or moving nodes or conditions that contain the Stop If Fails option to reusable nodes or reusable conditions results in those Stop If Fails options being removed. However, Stop If Fails can still be applied to the reusable node when referenced from within the main body of the configuration. P:S As this is an ever growing blog topic, the previous posts on the other new features we have detailed can be found below: NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] NEW FEATURE No. 7 – AppSense Environment Manager 8.0 Service Pack 2 – Trigger Action Time Audit Event by 352admin 2. September 2009 05:55 This is the seventh installment in a series of posts about the new features and options in AppSense Version 8 Service Pack 2. (If you have not yet downloaded this latest release, you can read more info and download it from here ) AppSense Environment Manager Service Pack 2.0 introduces a new auditing event – Trigger Action Time. A Trigger is the instigator for both conditions and actions to be processed. For example: Please see the screenshot below showing that when the 'JD Edwards' application is launched, and the user is running the application on a client within a 'set IP address range', then a specific printer is automatically mapped as the only printer available for the application. In the above case, the Trigger is the launching of 'an' application, the condition is meeting both the application being 'JDEwards.exe' and the IP address range criteria and the policy action is the mapping of the specific printer. Other Trigger actions include Computer Startup, Computer Shutdown, User Logon, User Logoff, Process Started, Process Stopped, Network Connect, Network Disconnect etc… On selection, this new event is raised for every used Trigger. This details the start time, end time and duration for the chosen trigger conditions and actions to complete. P:S As this is an ever growing blog topic, the previous posts on the other new features we have detailed can be found below: NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] NEW FEATURE No. 6 – AppSense Environment Manager 8.0 Service Pack 2 – Group SID Refresh by 352admin 1. September 2009 04:51 This is the sixth installment in a series of posts about the new features and options in AppSense Version 8 Service Pack 2. (If you have not yet downloaded this latest release, you can read more info and download it from here ) AppSense Environment Manager Service Pack 2 introduces a new option – Group SID Refresh. User Group Membership (and Primary Group) conditions are evaluated by using a Security Identifier (SID) token look‐up function, which is processed extremely quickly. If the SID is not present in the configuration an Active Directory lookup is performed instead. SID tokens are added to the conditions during creation and a more time‐costly look‐up is performed at this stage. If a configuration is copied from one discreet domain to another, for example, ‘Test’ to ‘Live’, both the fully qualified domain names (FQDNs) and the SIDs will be incorrect. The Group SID Refresh option allows administrators to both search and replace elements of the FQDN and update the SID values to the new FQDNs. This can also be used to refresh SID values without any replacement. P:S As this is an ever growing blog topic, the previous posts on the other new features we have detailed can be found below: NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] User | Logoff Each Run Once condition uses its own unique internal variable to monitor when the condition is satisfied. This enables any number of conditions to be utilized but only once within the current session. So, for example, you could pop up a 'maintenance' warning message only the first time a specific application is launched within that session. Tip It is possible to change the Run Once condition to become a ‘Run More than Once’ condition by editing an existing Run Once condition and selecting ‘Ctrl‐Alt‐Right Click’ in the dialog to bring up a new counter spin control. Altering the counter value from ‘1’ to the desired number will change the action to a ‘Run More than Once’ action. P:S As this is an ever growing blog topic, the previous posts on the other new features we have detailed can be found below: NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] P:S As this is an ever growing blog topic, the previous posts on the other new features we have detailed can be found below: NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] Service Pack 2 introduces a new option – Connect As. Similar in functionality to the Run As option (see previous post), the Connect As option is only available from the Drive and Printers Actions. This new feature can […]
[…] P:S As this is an ever growing blog topic, more posts on the other new features we have detailed can be found below: NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As […]
[…] options. It also contains many new features, of which I shall detail a new feature each day,the first of which can be found here. (Details of the enhancements included in this Service Pack can be found in the release notes as […]