From 593c0b19fb7efb958af73eb5b6312caebc02ed82 Mon Sep 17 00:00:00 2001 From: John Demianiuk <91333819+PP-IvanDem@users.noreply.github.com> Date: Fri, 3 Jul 2026 11:07:16 -0400 Subject: [PATCH 1/4] Update Admin Approval dialog scenarios in documentation Clarified behavior of Admin Approval dialog based on SecureRun settings. --- .../technotes/tipssecurerun/adminapprovalwork.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md b/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md index 08beaa31ec..a56b38264c 100644 --- a/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md +++ b/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md @@ -15,7 +15,7 @@ As of CSE version 23.8.xxxx and higher, if the **Show Admin Approval dialog for applications** is disabled,then the decision on whether to show the Admin Approval dialog will be based on the following: -SCENARIO 1: If SecureRun is disabledthen the Admin Approval dialog must notbe shown. +SCENARIO 1: If SecureRun is disabled, the checkbox makes no difference. The Admin Approval dialog will not appear for processes based on image file ownership. It will still appear for processes that require elevation. SCENARIO 2: If SecureRun is enabled: From 2d334055142446d4c18afe77bee8094f2954542b Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Fri, 3 Jul 2026 15:14:45 +0000 Subject: [PATCH 2/4] fix(vale): auto-fix style issues (Vale + Dale) --- .../tipssecurerun/adminapprovalwork.md | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md b/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md index a56b38264c..e00b96bbeb 100644 --- a/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md +++ b/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md @@ -4,26 +4,24 @@ description: "How does the option \"Show Admin Approval dialog for untrusted app sidebar_position: 90 --- -# How does the option "Show Admin Approval dialog for untrusted application" in Admin Approval work? +# How the "Show Admin Approval dialog for untrusted application" option in Admin Approval works -If the Show Admin Approval dialog for untrusted applications is enabled,then the decision on whether +If the Show Admin Approval dialog for untrusted applications is enabled,then the decision on whether to show the Admin Approval dialog will work, as it has done up to version 23.6.3571. In other words, -the Admin Approval dialog will be shown for untrusted applications and/or any applications requiring +the Admin Approval dialog appears for untrusted applications and/or any applications requiring elevation. As of CSE version 23.8.xxxx and higher, if the **Show Admin Approval dialog for untrusted -applications** is disabled,then the decision on whether to show the Admin Approval dialog will be -based on the following: +applications** is disabled,then the following determines the decision on whether to show the Admin +Approval dialog: SCENARIO 1: If SecureRun is disabled, the checkbox makes no difference. The Admin Approval dialog will not appear for processes based on image file ownership. It will still appear for processes that require elevation. -SCENARIO 2: If SecureRun is enabled: +SCENARIO 2: If SecureRun is enabled: -- If the file is owned by an untrusted principal and elevation is not required, then the Admin - Approval dialog will notbe shown, and it will be blocked by SecureRun. -- If elevation is required, then Admin Approval will be shown, regardless if the file is owned by a - trusted principal or not. +- If an untrusted principal owns the file and elevation isn't required, then the Admin + Approval dialog does not appear, and SecureRun blocks it. +- If elevation is required, then Admin Approval appears, regardless of whether a trusted principal + owns the file. ![977_1_image-20230824223216-1_950x550](/images/policypak/leastprivilege/securerun/977_1_image-20230824223216-1_950x550.webp) - - From c273bc3bbc18c2def6c641e6ab732e1fa1168061 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Fri, 3 Jul 2026 15:18:00 +0000 Subject: [PATCH 3/4] docs: apply fixes from PR review Clarify SCENARIO 1: name the Show Admin Approval dialog for untrusted applications option instead of 'checkbox', and connect 'image file ownership' to the file's owner concept used in SCENARIO 2. Co-Authored-By: Claude --- .../technotes/tipssecurerun/adminapprovalwork.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md b/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md index e00b96bbeb..e284ee0bd5 100644 --- a/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md +++ b/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md @@ -15,7 +15,7 @@ As of CSE version 23.8.xxxx and higher, if the **Show Admin Approval dialog for applications** is disabled,then the following determines the decision on whether to show the Admin Approval dialog: -SCENARIO 1: If SecureRun is disabled, the checkbox makes no difference. The Admin Approval dialog will not appear for processes based on image file ownership. It will still appear for processes that require elevation. +SCENARIO 1: If SecureRun is disabled, the **Show Admin Approval dialog for untrusted applications** option makes no difference. The Admin Approval dialog will not appear for processes based on the file's owner (image file ownership). It will still appear for processes that require elevation. SCENARIO 2: If SecureRun is enabled: From 84c393726f93ceb9871b784fbd06e128ce3b050d Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Fri, 3 Jul 2026 15:20:22 +0000 Subject: [PATCH 4/4] fix(vale): auto-fix style issues (Vale + Dale) --- .../technotes/tipssecurerun/adminapprovalwork.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md b/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md index e284ee0bd5..b0ece80e97 100644 --- a/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md +++ b/docs/policypak/components/leastprivilegemanager/technotes/tipssecurerun/adminapprovalwork.md @@ -12,7 +12,7 @@ the Admin Approval dialog appears for untrusted applications and/or any applicat elevation. As of CSE version 23.8.xxxx and higher, if the **Show Admin Approval dialog for untrusted -applications** is disabled,then the following determines the decision on whether to show the Admin +applications** is disabled,then the following determines whether to show the Admin Approval dialog: SCENARIO 1: If SecureRun is disabled, the **Show Admin Approval dialog for untrusted applications** option makes no difference. The Admin Approval dialog will not appear for processes based on the file's owner (image file ownership). It will still appear for processes that require elevation. @@ -20,7 +20,7 @@ SCENARIO 1: If SecureRun is disabled, the **Show Admin Approval dialog for untru SCENARIO 2: If SecureRun is enabled: - If an untrusted principal owns the file and elevation isn't required, then the Admin - Approval dialog does not appear, and SecureRun blocks it. + Approval dialog doesn't appear, and SecureRun blocks it. - If elevation is required, then Admin Approval appears, regardless of whether a trusted principal owns the file.