Application Manager

What precisely does Application Manager do? It is, in my opinion, one of the most underrated products in the AppSense portfolio. The application management part of this is often referred to by myself as "AppLocker on steroids", providing a highly granular application whitelisting solution that allows you to customize your application control to cover huge amounts of eventualities. But this also ties in with the excellent User Rights Management piece that allows users to elevate or de-elevate their privileges and rights on-the-fly, allowing them to perform tasks that would normally be outside of their scope or necessitate use of secondary accounts and RunAs commands. Add to this the potential for device control, software inventory and licensing management it provides, and you have a product that delivers a massive amount of value across a whole breadth of situations.

Aggregated below are the posts detailing what you can do with Application Manager, and how to deal with problems you may find when using it.

Using AppSense Application Manager to override traditional AV?
Managing licensing using AppSense Application Manager device control
Setting application time limits using Application Manager
Working with the Terminal Services %temp% variable in Application Manager
How to replace your antivirus with AppSense Application Manager greylisting
Problems with non-English Adobe Reader X and Application Manager
AppSense Application Manager Rules Analyzer
Self-Elevation of Start Menu Pinned Items
Using Application Manager Process Rules
Using Application Manager Device Rules to restrict locally-installed apps
User Rights Management and Web Installations 
Using AppSense Application Manager to de-elevate administrative rights 
Using AppSense Application Manager to allow non-admin users to install software
Deploying AppSense Application Manager configurations into Active Directory Group Policy
Mitigating against CryptoLocker using AppSense Application Manager


  1. Hi James,

    I am very new to appsense,
    What is the difference between application manager, environment manager and profile manager. ?

    1. Hi Vijay

      The tabs at the top for the three main DesktopNow areas (EM, AM and PM) should give you some useful information.

  2. Hi James,

    I have a requirement for users to modify the content of published application folder with non admin privilege. I have granted them shared folder access with modify control. However whenever a non admin user modifies the application package with new version & then try to launch the published application from the citrix portal they get the error " user is not authorized to execute the application.exe" I thought this is trusted ownership issue & added the shared folder in the allowed list for everyone group. But still this issue is not resolved.
    Shared folder is a hidden share with a $ symbol. Does this cause any issue for the trusted ownership not to apply?

  3. Did you set the Allow item to "run this file even if not owned by a trusted owner"? Network locations are disallowed by default, even with trusted ownership.

    If it still persists, try using the Rules Analyzer to see which rule is blocking it.



  4. Hi James,

    We have implemented appsense AM policy for not to allow local installs of google chrome and mozilla firefox browser. The install is allowed only for administrator. But we found certain users who have admin access to the machines are installing these browsers. I would like to block any installs of these browsers and there by allowing the local installs if the user is member of "Allow-Chrome", Though if he is an administrator, the AM should allow an admin to install local chrome if he is member of "Allow-Chrome"group. Let me know your view. I have added chromeinstall to blocked list. do we have to include any other exe's for the block list? as we have app-v for browser delivery.

    1. The problem you have here is "admin trumps all". Even if you disallow the install for admins and allow it for the Allow-Chrome group, the administrator has the rights to stop the AM service and simply do it anyway. Admin is God - there's no way around this. Best you can do is try and work out a way of removing those local administrator rights!