While you are working in environment where access rights have been configured in a secure way, sometimes there is a need for particular users to edit certain files with one or another application. Let’s take an example of hosts file editing on standard user’s side.
We can create a rule in Netwrix PolicyPak Least Privilege Manager which will specifically allow to edit ONLY the file you wish him to edit, nothing more.
We may use a Notepad text editor in this case but you may elevate any editor. All you have to do is to create an executable combo rule with PATH condition (for notepad.exe) and COMMAND LINE arguments (where path to HOSTS file used as argument) with STRICT EQUALITY option enabled.
Should look like this:
And remember – you are elevating the Application (Notepad in this case), not the file itself.