3 Replies Latest reply on Oct 16, 2017 6:14 AM by timothyb

    Policy Change Request

    christophN Rookie

      Hello,

       

      I have a issue with the application manager here.

       

      We are using the Version 10.1.423 from application control and 10.1.475 for the CCA.

      I have enabled Policy Change Requests in the Applcation Mananger policy and deployed the policy to one of my test clients, in this case it´s Windows 8.1

       

      I can see in the management console, that the client is green and have 100% AND I can see that the latest policy is installed on the test client.

       

      BUT I cant see the policy change request context or desktop icon. Why?

       

      And yes, I do have a valid licence ;-)

      There are no errors in event log. The licence check passed.

       

      Please help.

       

      Thanks.

       

      Best regards,

      Christoph

       

       

        • 1. Re: Policy Change Request
          timothyb SupportEmployee

          A few things to check:

           

          - License, I appreciate that you've said that you've got a valid license.  Ensure that there are no license errors in the Event Logs and the Application Control Agent logs.

          - Are other Application Control rules working e.g. is regedt32.exe blocked for users (assuming you've not disabled that feature)?  Can users launch other applications you've blocked?  If so then the License is probably valid as well.

          - Launch "appwiz.cpl", is the correct config deploy?

          -- If you're using Native configuration deployment, you would need to check manually.  However you could push out a test config that blocks notepad.exe to a test endpoint and confirm that notepad.exe is being blocked.  It will confirm you have the config on you expected.

          - Under Global Settings -> Policy Change Requests, are the fields populated as expected?

          - The user then needs to match at least one rule with the "Policy Change Requests" tab completed.  Probably worth checking that the rule is Restricted.  I'm not sure if this is a requirement but while testing an endpoint, ensure that Self-Auth, Audit Only or Unrestrcited isn't selected.

           

          Failing the above, I would create a blank config and enable Policy Change Requests for the Everyone group and block a few applications such as Notepad.exe, mspaint.exe.  This will help rule out it being a configuration issue.

          • 2. Re: Policy Change Request
            christophN Rookie

            thanks for the fast answer.

             

            Everyhting is fine. No errors in logs, config is deployed, settings are made ...

             

            But, ...

             

            Under "UserPrivileges" / "Applications" .. I had one folder allowed for "Bultin Elevate" + Subfolders. As I deleted this and made a new policy suddenly the icon on the desktop and the context menu appeared. After that, I made the setting again for this folder and deployed the new policy and the icon and the context are still availible. So ... for my understanding ... is it a configuration mistake from my side?

             

            EDIT:

             

            the icon is gone again. so I think the reason is the "applications" setting?!

            • 3. Re: Policy Change Request
              timothyb SupportEmployee

              Having a User Privileges Application rule shouldn't prevent the Policy Change Request from showing.  It might have been the change in Configuration caused an Agent refresh that resulted in the Policy Change Request showing.  After that the issue reoccurred when it hit a possible problem.

               

              I suspect that this issue would need a review of the AMAgent logs.  I would suggest raising a Support Desk incident.

               

              To cut down on the number of information gathering e-mails by Support, please gather the relevant information in the following article: Raising an Application Control Support Case