How to manage Rule Sets and Rules in Application Masking

Application Masking manages access to Applications, Fonts, and other items based on criteria. The Application Rules Editor is used to Describe the item, such as application, to be managed. The Editor is also used to define criteria rules are managed by. For instance, GitHub should be hidden from the Accounting group. Things you can do with the Apps Rules Editor:

  • Create new Rule Sets
  • Edit existing Rule Sets
  • Manage the user and group assignments for Rule Sets
  • Temporarily test rule-sets

Before using the Application Rules Editor, it must be installed

Rule Types

FSlogix supports four rule types

  • Hiding Rule - hides the specified items using specified criteria

Screenshot of hiding rule

  • Redirect Rule - causes the specified item to be redirected as defined

Screenshot of redirect rule

  • App Container Rule - redirects the specified content into a VHD

Screenshot of redirect rule

  • Specify Value Rule - assigns a value for the specified item

Screenshot of redirect rule

Create a new Rule Set

  • Open the Apps Rule Editor. The first time you enter the Apps Rules Editor there won't be any rule sets in the left panel. In this example, one rule set has already been created named Contoso_1 with GitHub Desktop added.

Screenshot of app rules editor

  • Click File then New to create a new Rule Set
  • Provide a name for the Rule Set and click Enter Filename
  • After a filename is entered, a selection is made for the type and content of the rule
  • In this example GitHub Desktop is selected
  • After specifying the parameters wanted, click Scan to create a rule

Screenshot of app rules editor

Create a new rule

  • Select an existing Rule Set from the left panel
  • Select Edit then New Rule
  • Specify the type of rule
  • Enter the required parameters
  • Click OK

Delete a rule

  • Select an existing Rule Set from the left panel
  • Select one or more Rules from the right panel
  • Select Edit then Delete Rule

Edit a rule

  • Select an existing Rule Set from the left panel
  • Select an existing Rule from the right panel
  • Select Edit then Edit Rule

System Variables and Wildcards in Rules

The following variables and wildcards may be used for specifying paths as described.

Source Path Wildcards

A * (wildcard) character can be used in source paths to represent an entire path element.

Example: C:\users\*\Documents

Destination Path Variables

The following variables are used in destination paths only. Variables are preceded and followed by two underscore characters

Variable Description
__USER_SID__ Resolves to the user’s SID string.
__USER_NAME__ Resolves to the user’s name string.
__USER_PROFILE_PATH__ Resolves to the user’s profile folder (Example C:\users\admin)

Environment Variables

The following Environment Variables may be used in both source and destination paths

Note

Environment variables are case sensitive.

When using the Rule Editor to add or edit Rules, these variables automatically replace the proper text in the Source and Destination strings.

  • %WindowsFolder%
  • %CommonAppDataFolder%
  • %CommonStartMenuFolder%
  • %CommonFilesFolder32%
  • %ProgramFilesFolder32%
  • %SystemFolder32%
  • %CommonFilesFolder64%
  • %ProgramFilesFolder64%
  • %SystemFolder64%

Redirecting to a network

Files and directories can be redirected to resources located on a network. The user must have appropriate rights to the network resource. To redirect to a network location, enter the path (in UNC format) into the Destination field.

Deploying Rule Sets

Application Masking and Java Version Control rely on Rules and Rule Sets. By default, Rules and Rule Sets are accessed from C:\Program Files\FSLogix\Apps\Rules. The location where Rules and Rule Sets are accessed differ if the FSLogix installation location is changed.

To deploy a rule set, use any method to copy rule files (.fxr) and assignment files (.fxa) to the rules directory.

Note

Any rule sets copied into/updated/deleted from the Rules folder will be automatically detected by the Service (frxsvc.exe) and compiled into a special format used by the Drivers (frxdrv.sys and frxdrvvt.sys). The service will then notify the driver of a change and the driver performs a live update of your installed rule sets. The compiled rule set files are located in C:\Program Files\FSLogix\Apps\CompiledRules