Policy Reports

A policy report shows information about the assigned policies on each Endpoint Security Client computer in the organization. You cannot see the Policy Report in SmartEndpoint. It is a CSV file that is created on the Endpoint Security Management Server at scheduled times.

To enable scheduled Policy Reports:

  1. On the Endpoint Security Management Server, run: cpstop

  2. Open the server's local.properties file: $UEPMDIR/engine/conf/local.properties

  3. Find the line: #emon.scheduler.time=9:55:00,10:55:00,15:33:00

    • Delete the # from the line

    • Edit the times to set when the reports are created. Reports are created each day at these times.

    • Make sure the line is in this format: emon.scheduler.time=HH:mm:ss,HH:mm:ss,HH:mm:ss
      with no spaces between the times and commas.

  4. Find the line: #emon.scheduler.max.reports=10

    • Delete the # from the line

    • The number represents the maximum number of reports that can remain in the report directory. The oldest ones are overwritten by newer ones. Optional: Edit the number.

    • Make sure the line is in this format: emon.scheduler.max.reports=<number of reports to save>

  5. Find the line: #emon.scheduler.policyreport=true

    • Delete the # from the line

    • Make sure the line is in this format: emon.scheduler.policyreport=true

  6. Create the report folder $FWDIR/conf/SMC_Files/uepm/reports. Run:

    mkdir $FWDIR/conf/SMC_Files/uepm/reports
    chmod 2777 $FWDIR/conf/SMC_Files/uepm/reports

    The name of the report will be: policyReport<number>.csv

    The number represents the creation time so newer reports have higher numbers.

  7. Run: cpstart
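
The format rules in steps 3 to 5 can be checked before running cpstart. The shell functions below are an added example, not part of the original documentation or of Check Point's tooling; the names check_setting and check_policy_report_conf and the sample file are constructed for illustration. It assumes the report limit is a positive integer and accepts one-digit hours because the sample line in step 3 uses 9:55:00.

```shell
#!/bin/sh
# Added example: check the three Policy Report settings in a local.properties file.
# One time of day; a one-digit hour is accepted because the page's sample line uses 9:55:00.
T='([01]?[0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]'

# check_setting FILE KEY VALUE_REGEX
# Succeeds if an active (uncommented) line is exactly KEY=VALUE with no spaces.
check_setting() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match the dots in KEY literally
    if grep -Eq "^${key_re}=($3)\$" "$1"; then
        return 0
    elif grep -Eq "^[[:space:]]*${key_re}[[:space:]]*=" "$1"; then
        echo "$2: present but malformed (stray spaces or a bad value)"
    elif grep -Eq "^[[:space:]]*#[[:space:]]*${key_re}=" "$1"; then
        echo "$2: still commented out"
    else
        echo "$2: missing"
    fi
    return 1
}

# check_policy_report_conf FILE
# Prints one line per problem; returns 0 only if all three settings are valid.
check_policy_report_conf() {
    rc=0
    check_setting "$1" emon.scheduler.time "${T}(,${T})*" || rc=1
    # Assumption: the report limit must be a positive integer.
    check_setting "$1" emon.scheduler.max.reports '[1-9][0-9]*' || rc=1
    check_setting "$1" emon.scheduler.policyreport 'true' || rc=1
    return $rc
}

# Constructed sample: a space after the first comma, and max.reports left commented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
emon.scheduler.time=9:55:00, 10:55:00,15:33:00
#emon.scheduler.max.reports=10
emon.scheduler.policyreport=true
EOF
check_policy_report_conf "$sample" || echo "Fix the settings above before running cpstart."
rm -f "$sample"
```

On the server, call check_policy_report_conf with $UEPMDIR/engine/conf/local.properties as its argument after editing the file in steps 3 to 5.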

When a Policy Report is generated, it includes these fields:

  • General fields:

    • User Name - ntlocal for local user, ntdomain://<DOMAIN-NAME>/<USER LOGON NAME> for domain users

    • Computer Name - Name of the computer

    • User Location - User domain distinguished name (empty for local users)

    • Group Names - The names of the groups the user is in

    • IP Address - The most recent IP address of the device

    • Last Contact - The last time the computer had contact with the Endpoint Security Management Server

    • OS Name - The full name of the Operating System, for example: Windows 8.1 Professional Edition

    • OS Version - The version of the Operating System, for example: 6.2-9200-SP0.0-SMP

    • OS Type - Workstation or Server

    • Machine Type - Laptop or Desktop

    • Domain Name - Active Directory domain, if relevant

  • Policy (includes OneCheck User Settings, Full Disk Encryption, Media Encryption & Port Protection, and Client Settings):

    • <Blade> ID - A unique identifier of a policy rule that applies to the user or computer

    • <Blade> Name - The rule name (given by the administrator)

    • <Blade> Description - The rule comment (given by the administrator)

    • <Blade> Actions - The names of the rule actions

    • <Blade> Version - The version of the rule

    • <Blade> Modified By - The name of the administrator who last modified the rule

    • <Blade> Install Time - When the component was installed on the client

    • <Blade> Inherited From - The Active Directory path where the rule was originally assigned and from which this machine inherited it.