Apr 24, 2020
3443
The log file you want to look in is %LOCALAPPDATA%\PolicyPak\PolicyPak Least Privilege Manager and is called ppUser_Operational.log
.
Once you locate and open the PolicyPak Least Privilege Manager Operational Log… you are looking for the following highlighted items:
- Time / Date Stamp.
- The item which succeeded in being ALLOWED, ELEVATED, or BLOCKED.
- The POLICY OBJECT (GPO) name.
- The POLICY name (that is, the name you gave it inside PolicyPak Least Privilege Manager).
- The RESULT.
Below, the top entry shows an application being denied (because SecureRun is enabled) and the bottom entry shows an application being allowed by using an EXE policy.