Am currently running with Solidcore application control 6.1.3 (alone) on a Windows 7 client.
One of my requirement is to allow a particular file and folder to be renamed after solidification but I can't use trusted user option. I did also tried using "attr" and "write-protect" options still couldn't make it.
Is there any other ways to make this happen?
When I tried to rename am getting the below error log
McAfee Solidifier prevented an attempt to modify file 'C:\Program Files\sapdb' by process C:\Windows\explorer.exe (Process Id: 2500, User: LAD01-1001\administator)
K.2500.4372: Mar 26 2015:14:35:07.501: SYSTEM: cctl_kern.c : 2423: Process '\Device\HarddiskVolume1\Windows\explorer.exe' tried to write on '\Device\HarddiskVolume1\Program Files\sapdb' and has been DENIED ACCESS. Create flags = 0x80808
K.2500.4372: Mar 26 2015:14:35:07.501: SYSTEM: fshooks.c : 2216: Process \Device\HarddiskVolume1\Windows\explorer.exe tried to modify file \Device\HarddiskVolume1\Program Files\sapdb to \Device\HarddiskVolume1\Program Files\sapdb1 (info_class = 10) and has been DENIED ACCESS.
U.1332.1500: Mar 26 2015:14:35:07.575: ERROR: evt.c : 1240: McAfee Solidifier prevented an attempt to modify file 'C:\Program Files\sapdb' by process C:\Windows\explorer.exe (Process Id: 2500, User: LAD01-1001\administator).
The service desk team which re-installs applications on systems but all the member in the team are not defined as trusted user.
This will be a routine change as and when application doesn't work.
So my requirement is one of the member in the service desk team (who is not a trusted user) should be able to modify or rename a folder on a solidified system.
Is that possible?
This sounds like delegating the 'Start Update' and 'End Update' mode commands in ePO would be a better way to complete these tasks.
You can implement this using a Client Task (scheduled to 'Run Immediatly') assigned by Tag, so you don't need to give too many permissions to the Helpdesk/Service Desk team but will be able to make these changes.