LiamBourke Not exactly. Partly, this is because there's only ONE configuration. AD GP works with multiple GPOs, inheritance, enforcement, preference, group policy loopback, etc. etc. You need gpresult to figure out which GPOs apply. With EM, you only have one configuration. BUT, you still want something that evaluates conditions to tell you which nodes/actions will apply in a specific scenario. We do have a tool in development called the Endpoint Configuration Analyzer, but we don't have a release date for the tool.
In the meantime, make sure you're using policy auditing within your EM configuration. You can audit all of the actions so that they show up in the local event logs. After a user logs on, you can see in the event logs all of the actions, and whether they succeeded or failed. If an action has no log, it either means you weren't auditing that action, or the action didn't run (because some condition evaluated to false).
is that on the appsense server or on the server that the user logs onto that will have the appsense local logs?
LiamBourke Which actions get audited are specified within the EM configuration file. The audit events are then tracked in the event logs on the endpoint where the agent/config is running.
You could also do enterprise auditing using Management Center, but it is NOT recommended to track these events that way, as these are high volume events, and would make your database grow very quickly.