Application allowlist
Applications that are approved for installation and usage in the IT environment can be specified in the Application allowlist. To use this feature, you must first enable the basic setting ACTIVATE_APPLICATION_ALLOWLISTING in Snow Management and Configuration Center, see Basic settings.
You can let the approved applications be identified automatically by rules based on criteria, such as application name or type, application lifecycle information, or custom fields related to applications, or you can use automation rules based on, for example, number of installations or users. You can also manually add applications to the allowlist, see Allowlist application.
The Application allowlist view consists of the two tabs Rules and Applications (result).
Tab | Description |
---|---|
Rules | The rules that are used to create the allowlist of approved applications in your IT environment. |
Applications (result) | The list of applications that are affected by your allowlist rules, whether the applications are installed or not. The columns Installations and Users show the number of installations and users in your IT environment. Note that the same application can be listed multiple times if it is caught by multiple rules. |
To see a list of all applications on the allowlist, do one of the following:
-
Use the report All applications and add the report criteria Allowlisted.
-
In the Search for applications view, add the column Allowlisted (Yes/No) from the Column selector.
Installation or usage of an application that is not on the allowlist will result in an alert.
When both an allowlist and a denylist are specified in Snow License Manager, the applications on the allowlist appear with a white background in the Computer details and User details views, and the denylisted applications appear with a red background. All non-listed applications appear with a gray background.
If an application is caught by both an allowlist rule and a denylist rule, the denylist rule will override the allowlist rule. The application will appear on the Applications (result) tab of both lists, but it will only appear as a denylisted application in the user interface and in the reports of Snow License Manager.
Add allowlist rules
-
On the Home menu, under Administration, select Application allowlist.
-
On the Rules tab, select Add rule.
-
In the Rule details step, do the following:
-
In Rule name, enter a name for the rule.
-
Optionally, in Comment, enter a description of the rule and a comment on why the rule exists.
-
Select Next step.
-
-
In the Applications step, use filters to find the applications you want to add to the allowlist. Do the following:
-
Use the Add group or Add criteria to create the filter. Use % as a wildcard character to include several applications with common names or manufacturers.
Example: Application name equal to Microsoft SQL Server 2016 Standard
-
To see what applications the filter returns, select Preview results.
-
Optionally, by selecting the Automatically allowlist the last [x] versions you can have a selected number of the most recent versions of the application on the allowlist. See the example below.
-
When the required filters are in place, select Save.
-
EXAMPLE
You always want to have the three most recent versions of Microsoft SQL Server Standard on your allowlist. Instead of manually adding and removing the versions to and from the allowlist whenever a new version is released, you can use the setting Automatically allowlist the last [x] versions.
In the Applications step, do the following:
-
Create the filter Application name equal to Microsoft SQL Server 2016 Standard.
-
Select Preview results.
You will see that the filter returns the application Microsoft SQL Server 2016 Standard, only. -
For the setting Automatically allowlist the last [x] versions, select 3 versions.
-
Select Preview results.
You will now see that the filter returns the applications Microsoft SQL Server 2017 Standard, Microsoft SQL Server 2019 Standard, and Microsoft SQL Server 2022 Standard.
Note that the application Microsoft SQL Server 2016 Standard is not listed anymore.When the next version of Microsoft SQL Server Standard is released, the oldest of the three versions will be removed from the allowlist, in this case Microsoft SQL Server 2017 Standard. In this way, the setting Automatically allowlist the last [x] versions lets you create rules that require no maintenance.
Edit allowlist rules
-
On the Home menu, under Administration, select Application allowlist.
-
On the Rules tab, select the rule you want to edit.
-
Add or edit the applicable information in the Rule details and Applications steps.
-
Select Save.
Delete allowlist rules
-
On the Home menu, under Administration, select Application allowlist.
-
On the Rules tab, find the rule you want to delete, and then select Delete.
-
Select OK to confirm.
Use allowlist automation rules
-
On the Home menu, under Administration, select Application allowlist.
-
On the Rules tab, under Allowlist automation rules, select Edit.
-
To use a rule, select the check box of that rule.
If needed, change the quantities of the installations and the users.
-
To apply the automation rules, select Apply rules.