You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Home > 330: Least Privilege Manager > Knowledge Base > 08: Troubleshooting > 01: What log can help me determine why an application (MSI, etc.) was ALLOWED, ELEVATED or BLOCKED?
01: What log can help me determine why an application (MSI, etc.) was ALLOWED, ELEVATED or BLOCKED?
print icon
PPWeb Team
Apr 24, 2020
views icon 3428

The log file you want to look in is %LOCALAPPDATA%\PolicyPak\PolicyPak Least Privilege Manager and is called ppUser_Operational.log.

 

 

Once you locate and open the PolicyPak Least Privilege Manager Operational Log… you are looking for the following highlighted items:

  1. Time / Date Stamp.
  2. The item which succeeded in being ALLOWED, ELEVATED, or BLOCKED.
  3. The POLICY OBJECT (GPO) name.
  4. The POLICY name (that is, the name you gave it inside PolicyPak Least Privilege Manager).
  5. The RESULT.

 

Below, the top entry shows an application being denied (because SecureRun is enabled) and the bottom entry shows an application being allowed by using an EXE policy.

 

Feedback
0 out of 1 found this helpful

close button
scroll to top icon