If a match is found, a comparison
against the excluded user and groups list is performed to filter out any process
that should be excluded based on those rules.
Any filter criterion that includes both file and command-line matching criteria and
user and groups matching criteria must evaluate to true in both cases for the process to be
included. For example, if you create a process matching criterion to look for the process MyService.exe
and also specify that the user must be BUILTIN\Administrator, only MyService.exe processes
initiated by BUILTIN\Administrator will be included. If any other user launches
MyService.exe, it is not included and is placed in the default group.
NOTE Criteria names cannot start with a hyphen (-), and cannot contain spaces or any of the
following characters: \ / ? * | : < > " , ;
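The evaluation order described above can be modeled in a few lines. This is an added example, not code from the book or from Windows System Resource Manager. The class and function names, the case-insensitive comparison, the sample accounts, and the reading of the garbled character in the NOTE as a double quote are all assumptions.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Characters the NOTE forbids in a criteria name, plus whitespace.
# Assumption: the garbled character in the NOTE is the double quote.
_FORBIDDEN = re.compile(r'[\s\\/?*|:<>",;]')


def valid_criteria_name(name):
    """No leading hyphen, no spaces, none of the listed characters."""
    return bool(name) and not name.startswith("-") and not _FORBIDDEN.search(name)


def _fold(names):
    return {n.lower() for n in names}


@dataclass
class Criterion:
    name: str
    files: set                                   # executable names to match
    users: set = field(default_factory=set)      # empty means any user
    excluded: set = field(default_factory=set)   # excluded users and groups

    def matches(self, path, identities):
        """identities: the launching account plus every group it belongs to."""
        ids = _fold(identities)
        file_ok = ntpath.basename(path).lower() in _fold(self.files)
        user_ok = not self.users or bool(ids & _fold(self.users))
        is_excluded = bool(ids & _fold(self.excluded))
        # File match and user match must both hold; exclusions filter last.
        return file_ok and user_ok and not is_excluded


def classify(criteria, path, identities, default="Default"):
    """Return the first matching criterion name, else the default group."""
    for criterion in criteria:
        if criterion.matches(path, identities):
            return criterion.name
    return default


if __name__ == "__main__":
    # Constructed sample data: the MyService.exe case from the text.
    rules = [Criterion("MyServiceAdmins", {"MyService.exe"},
                       users={r"BUILTIN\Administrator"})]
    print(classify(rules, r"C:\Svc\MyService.exe", {r"BUILTIN\Administrator"}))
    print(classify(rules, r"C:\Svc\MyService.exe", {r"HOST\alice"}))
```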
Hands-On Exercise: Creating a Process Matching Criterion
In this exercise, we will create a process matching criterion to match Notepad.exe when
executed by an account belonging to the local Users group.
1. Open Windows System Resource Manager (Start | Administrative Tools |
Windows System Resource Manager).
2. You will be prompted to select the server to administer: either the local or a
remote node. Select This Computer, and then click Connect.
3. Right-click Process Matching Criteria in the navigation pane and choose New
Process Matching Criteria from the pop-up menu.
4.