The criteria can be based on the path to the file or
command line, or on users and groups, and you can control what to include or exclude.
Figure 7-3. WSRM management interface
220 Microsoft Windows Server 2008 Administration
For example, you can create a rule to apply to any account belonging to the Users local
group but exclude the local Administrator account. The process matching criteria are useless
by themselves. You can think of them as process filters. You can create as many of
them as you want, but until you actually apply them to a policy, they won't do anything.
For processes that are matched using included files or command lines, WSRM first
attempts to match based on the process name. If that fails, it compares against the fully
qualified path and filenames. Lastly, it compares against the full process command line.
If a match is found in the included files, WSRM then checks the excluded files list. This
is necessary since the process may have matched due to a wildcard filter but may have
been explicitly excluded by the administrator. Against the excluded files list, it follows
the same general matching procedure used for the included files entries.
For processes that are matched using users and groups, WSRM compares the account
used to create the process against the list of users and groups. This is first done
using an exact user account match; if that is not successful, WSRM compares the user
account against the membership of all the groups specified.
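The matching order described above, modelled in Python as an added example (this is not WSRM's code and is not from the book). Glob-style wildcards, case-insensitive comparison, the sample processes and accounts, and applying the include-then-exclude check to accounts are assumptions.

```python
from fnmatch import fnmatchcase

def first_hit(proc, patterns):
    """Try process name, then fully qualified path, then full command line.
    Returns (field, pattern) for the first match, or None."""
    for field in ("name", "path", "cmdline"):
        value = proc[field].lower()                  # assumption: case-insensitive
        for pattern in patterns:
            if fnmatchcase(value, pattern.lower()):  # assumption: glob wildcards
                return field, pattern
    return None

def file_criteria_match(proc, included, excluded):
    """A process is selected only if it hits the included list and then
    does not hit the excluded list (same three-stage comparison)."""
    if first_hit(proc, included) is None:
        return False
    return first_hit(proc, excluded) is None

def account_match(account, users, groups, membership):
    """Exact user account match first; otherwise check the membership of
    every listed group. `membership` maps group name -> member accounts."""
    account = account.lower()
    if account in {u.lower() for u in users}:
        return True
    return any(account in {m.lower() for m in membership.get(g, ())}
               for g in groups)

# Constructed sample data (not from the book).
INCLUDED = ["sql*.exe", r"c:\apps\*"]
EXCLUDED = [r"c:\apps\backup\*"]
PROCS = {
    "db": {"name": "sqlservr.exe", "path": r"C:\SQL\sqlservr.exe",
           "cmdline": r"C:\SQL\sqlservr.exe -s DEMO"},
    "backup": {"name": "agent.exe", "path": r"C:\Apps\Backup\agent.exe",
               "cmdline": r"C:\Apps\Backup\agent.exe /quiet"},
    "editor": {"name": "notepad.exe", "path": r"C:\Windows\notepad.exe",
               "cmdline": "notepad.exe notes.txt"},
}
MEMBERSHIP = {"Users": ["alice", "bob", "Administrator"]}

if __name__ == "__main__":
    for label, proc in PROCS.items():
        print(label, first_hit(proc, INCLUDED),
              file_criteria_match(proc, INCLUDED, EXCLUDED))
    for acct in ("alice", "Administrator", "svc_web"):
        selected = (account_match(acct, [], ["Users"], MEMBERSHIP)
                    and not account_match(acct, ["Administrator"], [], MEMBERSHIP))
        print(acct, selected)
```

The `backup` process shows why the excluded list is checked second: it is caught by the broad `c:\apps\*` wildcard and then dropped by the narrower exclusion.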