How are DRIVE MAPS and UNC paths supported in PolicyPak Least Privilege Manager?

First, let’s start with UNC paths.
UNC Paths:

  • UNC Paths are supported and honored.
  • Note that the same UNC target could have different names, for instance \\fabrikam\share, \\fabrikam.com\share or \\192.168.2.10\share might all point the exact same place.
  • Each rule name is evaluated differently.
  • Therefore, as an example… to make your UNC rules, you would need to cover all the bases:
    • A rule could be for \\fabrikam\Share which will work, but…
    • You would also need a rule for \\fabrikam.com\Share and also if desired…
    • You would need a rule for \\192.168.2.10\share ….

Tip: If you want to elevate all files in \\SERVER\Share you must use TARGET = FOLDER (see screenshot below.)
But if you want to elevate all files in \\Server\Share AND all files in any subfolders (\\Server\Share\Subfolder1, \\Server\Share\Subfolder2, etc.) then you must specify TARGET = FOLDER (recursive) (see screenshot below.)

Drive Maps:

  • Think of drive maps like “shortcuts” which map to existing UNC paths. So, S: is really a map to \\fabrikam\share, \\fabrikam.com\share or \\192.168.2.10\share
  • You don’t need to make any explicit “Drive map” rules. So, don’t elevate “S:” in PolicyPak Least Privilege Manager. That is incorrect syntax.
  • Instead, you would make a UNC path rule for what S: is really pointing to.
  • So, for instance, if you want to elevate all files in S: (which is mapping to \\fabrikam.com\share) , that’s fine:
    • You don’t need to have a PolicyPak Least Privilege Manager rule to “Elevate S:”.
    • You DO need to have a PolicyPak Least Privilege Manager rule to “Elevate \\fabrikam.com\share” and select Folder or Folder (Recursive) as shown here.

how-are-drive-maps-and-unc-paths-supported-in-policypak-least-privilege-manager-0

Back