3 Replies Latest reply on Feb 7, 2019 9:32 AM by randyb1

    How to find out what policies are applied to a user when they logon

    LiamBourke Rookie

      I am using appsense environment manager (Build 8.4.495.0)

      Is there a way I can check in appsense what policies are applied to a user similar to gpresult/r for group policy ?

       

      thanks

      Liam.

        • 1. Re: How to find out what policies are applied to a user when they logon
          randyb1 SupportEmployee

          LiamBourke Not exactly.  Partly, this is because there's only ONE configuration.  AD GP works with multiple GPOs, inheritance, enforcement, preference, group policy loopback, etc. etc.  You need gpresult to figure out which GPOs apply.  With EM, you only have one configuration.  BUT, you still want something that evaluates conditions to tell you which nodes/actions will apply in a specific scenario.  We do have a tool in development called the Endpoint Configuration Analyzer, but we don't have a release date for the tool.

           

          In the meantime, make sure you're using policy auditing within your EM configuration.  You can audit all of the actions so that they show up in the local event logs.  After a user logs on, you can see in the event logs all of the actions, and whether they succeeded or failed.  If an action has no log, it either means you weren't auditing that action, or the action didn't run (because some condition evaluated to false).

          • 2. Re: How to find out what policies are applied to a user when they logon
            LiamBourke Rookie

            is that on the appsense server or on the server that the user logs onto that will have the appsense local logs?

            • 3. Re: How to find out what policies are applied to a user when they logon
              randyb1 SupportEmployee

              LiamBourke Which actions get audited are specified within the EM configuration file.  The audit events are then tracked in the event logs on the endpoint where the agent/config is running.

               

              You could also do enterprise auditing using Management Center, but it is NOT recommended to track these events that way, as these are high volume events, and would make your database grow very quickly.