Program Control


The Program Control feature prevents the launch of unauthorized programs "behind NetMan Desktop Manager's back." To maintain full protection, the NetMan Client must be running on the workstation. So that unwanted program launches can also be prevented on machines that are not running the NetMan Client, Program Control has two operating modes:

Service control: Basic control function, without NetMan Client running. Prerequisite: The Client service must be active.

Client control: Comprehensive control function, with NetMan Client running. Prerequisite: NetMan Client must be running, and actively connected to the NetMan Service.

 

Program Control features:

Only those programs can be launched which have NetMan as a direct parent process.

Programs which do not have NetMan as a parent process are blocked. You can define permitted programs or directories in a list of exceptions.

You can use a Program Control Action to define additional, Script-specific exceptions.

 

To ensure trouble-free running of the operating program, the following programs are always permitted:

Those launched by the system

Those launched by the local administrator

 

Program Control thus blocks essentially all program calls. You can define a list of exceptions to specify programs that are permitted to launch. The list of exceptions lets you define the following:

Folders from which programs are permitted to launch

Permitted programs

Permitted certificates. Specifically, a program that has a certificate you define as permitted will be allowed to launch.

 

The Program Control feature is configured in the NetMan Settings:

 


With the default settings, the Program Control utility is not active. If the box next to Activate NetMan Program Control when the NetMan Client is launched is ticked, the comprehensive control function is activated when NetMan Client is launched. As long as the NetMan Client is running and is connected to the NetMan Service, your lists of exceptions are applied. Programs that are not defined in the lists of exceptions and are called by neither the system nor the local administrator cannot launch.

For a higher security level, tick the box next to Activate basic program control to prevent program launch when NetMan Client is NOT running. With the basic control function, all programs are blocked from executing even if NetMan Client is not running. In this case, however, the lists of exceptions are not processed. The only programs allowed to launch are those called by the system or the local administrator, and those that have NetMan as a parent process. Other programs, i.e. those allowed by your lists of exceptions, cannot launch unless NetMan Client is running.

 

For details on the control elements available here, see "NetMan Settings/NetMan/Program Control".

 

Use the buttons above the lists of exceptions to edit the lists. Folder names are automatically converted to NetMan environment variables where applicable. Use the following syntax to include subfolders: <path>\*. This allows programs in subfolders to launch.
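
The following sketch models the launch decision described above in both operating modes, including the <path>\* subfolder syntax. It is an added example, not NetMan code. The check order, case-insensitive full-path matching of programs, the certificate represented as a signer string, and the sample paths are all assumptions.

```python
from dataclasses import dataclass, field
from ntpath import dirname, normcase, normpath  # Windows path rules on any OS

@dataclass
class Launch:  # one attempted program start (constructed model)
    exe: str
    parent_is_netman: bool = False
    by_system: bool = False
    by_local_admin: bool = False
    cert: str = ""  # signer name, a stand-in for a real certificate

@dataclass
class Exceptions:  # the three exception lists described on this page
    folders: list = field(default_factory=list)
    programs: list = field(default_factory=list)
    certs: list = field(default_factory=list)

def _norm(path):
    return normcase(normpath(path))

def folder_permits(entry, exe):
    exe_dir = dirname(_norm(exe))
    if entry.endswith("\\*"):  # <path>\* also covers subfolders
        base = _norm(entry[:-2])
        return exe_dir == base or exe_dir.startswith(base + "\\")
    return exe_dir == _norm(entry)  # assumption: plain entry = that folder only

def decide(launch, exc, mode):
    """mode: 'client' (Client running and connected) or 'service' (basic control)."""
    if launch.by_system or launch.by_local_admin:
        return True, "launched by system or local administrator"
    if launch.parent_is_netman:
        return True, "NetMan is the direct parent process"
    if mode == "service":
        return False, "exception lists are not processed without NetMan Client"
    if any(_norm(launch.exe) == _norm(p) for p in exc.programs):
        return True, "permitted program"
    if launch.cert and launch.cert in exc.certs:
        return True, "permitted certificate"
    if any(folder_permits(f, launch.exe) for f in exc.folders):
        return True, "permitted folder"
    return False, "not in any exception list"

# Constructed sample policy and launches, not taken from a real installation.
SAMPLE = Exceptions(folders=[r"C:\Tools", r"C:\Apps\*"],
                    programs=[r"C:\Windows\notepad.exe"], certs=["Example Corp Code Signing"])
if __name__ == "__main__":
    for exe in (r"C:\Apps\Sub\a.exe", r"C:\Tools\Sub\b.exe", r"C:\Apps2\c.exe"):
        print(exe, [decide(Launch(exe), SAMPLE, m) for m in ("client", "service")])
```

The model makes one operational consequence visible: a program that launches only because of an exception entry stops launching as soon as the workstation falls back to basic control.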

 

The following NetMan variables are assigned to the individual elements in the exception lists:

Permitted folders: NMAllowedPath1 through NMAllowedPathN

Permitted programs: NMAllowedExe1 through NMAllowedExeN