Environment
- App Control Console: 8.1 P2 and above
Objective
How to limit the user in the App Control console to approve files locally.
Resolution
- Create role with below access.
- Computers View computers
- Files View files and applications
- Files Change local state
- Devices View devices
- Reports View events
- Assign all or specific policy as per requirement.
- Create user and select newly created role.
- Login to newly created user.
- Try to approve files locally from the events page. Access should be blocked
Additional Notes
Make sure the file the user is trying to approve is from the computer under selected policy.