When creating policies, you can apply them to a limited number of users or Active Directory groups. When applying a policy to a specific user, consider service accounts that might be required.
For example, if you want to permit iTunes for only your CEO, you can add his account, domain\CEOName, to the policy. However, iTunes also depends on additional services that run under the SYSTEM account. In this case, you would also want to add the SYSTEM account to the policy.
To apply a policy to limited users, first navigate to either the ‘Application Control’ or ‘Storage Control’ page using the ‘Modules’ dropdown menu.
If you are in the ‘Application Control’ page, select the ‘Policies’ tab on the top right side of the page.
Now, in either the ‘Storage Control’ or ‘Application Control’ > ‘Policies’ page, select the policy you wish to edit.
A popout window titled ‘Edit Application Policy’ will now appear.
Navigate to the ‘Applies To*’ section of the page, then select the button labeled ‘Selected Users & Groups’. Selecting this button will cause a new input field to appear.
In this field, enter the username of the person you wish to apply this policy to. When adding a username, you can use wildcards. For example: *\SYSTEM
If you wish to add an Active Directory group, select the group from the dropdown list and click the + button. This requires an active Azure integration. For information on how to set this up, please navigate to the following link:
Select ‘Save’ at the bottom of the page if you are in the ‘Application Control Policies’ page or ‘Create’ if you are in ‘Storage Control’. Deploy policies after your new policy has been created.
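The following is an added example, not part of the product or its documentation. It previews which process owners a set of ‘Applies To’ entries would cover, and shows why the SYSTEM entry from the iTunes example is needed. It assumes entries match case-insensitively and that * matches any run of characters; the process list, account names and function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample: (process, account it runs as). Not taken from a real host.
PROCESSES = [
    ("iTunes.exe", r"DOMAIN\CEOName"),                         # interactive app
    ("AppleMobileDeviceService.exe", r"NT AUTHORITY\SYSTEM"),  # supporting service
    ("iTunes.exe", r"DOMAIN\jsmith"),                          # user who must stay excluded
]


def entry_matches(entry, account):
    # Assumption: matching is case-insensitive and '*' matches any characters.
    return fnmatchcase(account.lower(), entry.lower())


def covered(applies_to, processes=PROCESSES):
    """Return the (process, account) pairs that at least one entry matches."""
    return [(proc, acct) for proc, acct in processes
            if any(entry_matches(e, acct) for e in applies_to)]


def missed(applies_to, required_accounts):
    """Return the required accounts that no entry matches."""
    return [a for a in required_accounts
            if not any(entry_matches(e, a) for e in applies_to)]


if __name__ == "__main__":
    required = [r"DOMAIN\CEOName", r"NT AUTHORITY\SYSTEM"]
    candidates = (
        [r"domain\CEOName"],               # user only: service account is missed
        [r"domain\CEOName", r"*\SYSTEM"],  # user plus SYSTEM, as in the example above
        ["*"],                             # overly broad: also covers DOMAIN\jsmith
    )
    for entries in candidates:
        print(entries)
        print("  covers:", covered(entries))
        print("  misses:", missed(entries, required))
```

The last candidate shows the opposite failure: a wildcard that is too broad also covers the account the policy was meant to exclude.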