Policy Reports

A policy report shows information about the assigned policies on each Endpoint Security Client computer in the organization. You cannot see the Policy Report in SmartEndpoint. It is a CSV file that is created on the Endpoint Security Management Server at scheduled times.

To enable scheduled Policy Reports:

1. On the Endpoint Security Management Server, run: cpstop
2. Open the server’s local.properties file: $UEPMDIR/engine/conf/local.properties
3. Find the line: #emon.scheduler.time=9:55:00,10:55:00,15:33:00
   • Delete the # from the line
   • Edit the times to show the hour when the reports will be created. Reports will be created each day at these times.
   • Make sure the line is in this format: emon.scheduler.time=HH:mm:ss,HH:mm:ss,HH:mm:ss
     with no spaces between the times and commas.
4. Find the line: #emon.scheduler.max.reports=10
   • Delete the # from the line
   • The number represents the maximum number of reports that can remain in the report directory. The oldest ones are overridden by newer ones. Optional: Edit the number.
   • Make sure the line is in this format: emon.scheduler.max.reports=<number of reports to save>.
5. Find the line: #emon.scheduler.policyreport=true
   • Delete the # from the line
   • Make sure the line is in this format: emon.scheduler.policyreport=true
6. Create a new folder in $FWDIR/conf/SMC_Files/uepm/reports/. Run:

   mkdir $FWDIR/conf/SMC_Files/uepm/reports
chmod 2777 $FWDIR/conf/SMC_Files/uepm/reports

   The name of the report will be: policyReport<number>.csv

   The number represents the creation time so newer reports have higher numbers.

7. Run: cpstart

When a Policy Report is generated, it includes these fields:

• General fields:
  • User Name - ntlocal for local user, ntdomain://<DOMAIN-NAME>/<USER LOGON NAME> for domain users
  • Computer Name - Name of the computer
  • User Location - User domain distinguished name (empty for local users)
  • Group Names - The names of the groups the user is in
  • IP Address - The most updated IP address of the device
  • Last Contact - The last time the computer had contact with the Endpoint Security Management Server
  • OS Name - The full name of the Operating System, for example: Windows 8.1 Professional Edition
  • OS Version - The version of the Operating System, for example: 6.2-9200-SP0.0-SMP
  • OS Type - Workstation or Server
  • Machine Type - Laptop or Desktop
  • Domain Name - Active Directory domain, if relevant
• Policy (includes OneCheck User Settings, Full Disk Encryption, Media Encryption & Port Protection, and Client Settings):
  • <Blade> ID - A unique identifier of a policy rule that applies to the user or computer
  • <Blade> Name - The rule name (given by the administrator)
  • <Blade> Description - The rule comment (given by the administrator)
  • <Blade> Actions - The names of the rule actions
  • <Blade> Version - The version of the rule
  • <Blade> Modified By - The name of the administrator that last modified the rule
  • <Blade> Install Time - When the component was installed on the client
  • <Blade> Inherited From - The Active Directory path the rule was originally assigned on and inherited by this machine.