PROBLEM
EndPointSecurity is allowing access to a device
ENVIRONMENT
- GFI EndPointSecurity
- All Supported Environments
SOLUTION
- Check that the device is not on the device whitelist in the policy.
- Check the permissions list under the Security node (of the Users view) of the policy for the following:
  - If the user being allowed access is a member of a security group that is allowing access, confirm the user is a member of this group in Active Directory.
  - Ensure that the user is not a member of any group defined in Power Users. Local Admins are sometimes nested as Domain Administrators.
- If you are blocking access to the device by device category, ensure that the device is listed as that device category by scanning the machine the device is plugged into with the Device Scan tool. Note: EndPointSecurity does not assign device categories - the Windows OS does this when a device is plugged into a port.
If you have checked the above things and your configuration is correct, try the following troubleshooting methods:
- Have the user log into a 2nd computer that has the same policy applied (and up-to-date) and test to see if they are denied access. If they are denied on the 2nd computer, it indicates the 1st computer has problems resolving the user's group membership.
- Add the user directly to the policy Security permissions section, redeploy the policy and see if the user is denied access. If the user is now denied, this also indicates that the computer is having trouble resolving the user's group membership.
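Both the group-membership check above and the troubleshooting steps come down to what groups the user effectively belongs to, including groups nested inside other groups. The following PowerShell script is an added example, not GFI's own tooling: it resolves a user's transitive Active Directory group membership, flags any group the policy treats as Power Users, and lists what is nested in the local Administrators group on the computer the policy is deployed to. It assumes RSAT's ActiveDirectory module is installed; `$UserName` and `$PowerUserGroups` are placeholders to replace with your own values.

```powershell
# Added example (not part of GFI EndPointSecurity): show a user's effective AD group
# membership, including nested groups, and flag groups the policy treats as Power Users.
# Assumes the ActiveDirectory module (RSAT) is available.
param(
    [string]$UserName = 'jdoe',                                  # placeholder sAMAccountName
    [string[]]$PowerUserGroups = @('Domain Admins', 'Administrators')  # placeholder policy groups
)

Import-Module ActiveDirectory

function Get-EffectiveAdGroups {
    param([string]$Identity)
    $user = Get-ADUser -Identity $Identity -Properties PrimaryGroup
    # LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) makes the domain controller
    # walk the nesting chain server-side, so groups reached only through other groups are
    # returned too. Assumes the DN contains no LDAP filter metacharacters such as '(' or '*'.
    $filter = "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))"
    $nested = Get-ADGroup -LDAPFilter $filter | Select-Object -ExpandProperty Name
    # The primary group (usually Domain Users) is not stored in 'member', so add it explicitly.
    $primary = (Get-ADGroup -Identity $user.PrimaryGroup).Name
    return @($nested) + $primary | Sort-Object -Unique
}

function Get-LocalAdminMembers {
    # Accounts and domain groups nested into the local Administrators group on this
    # computer; Domain Admins is commonly nested here, which is what makes a domain
    # admin an effective member of any Power Users entry that names local Administrators.
    Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
}

$effective = Get-EffectiveAdGroups -Identity $UserName
"Effective AD groups for $UserName :"
$effective | ForEach-Object { "  $_" }

$hits = $effective | Where-Object { $PowerUserGroups -contains $_ }
if ($hits) {
    Write-Warning "$UserName reaches Power Users group(s) via membership or nesting: $($hits -join ', ')"
} else {
    "$UserName is not in any configured Power Users group."
}

"Members of local Administrators on $env:COMPUTERNAME :"
Get-LocalAdminMembers | ForEach-Object { "  $_" }
```

Run it on both the computer that allows access and a second computer with the same policy; a difference in the local Administrators listing or a failure of the AD query on only one machine points to the group-resolution problem described above.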
CAUSE
There can be many causes, but these are the most likely:
- The user has not been assigned to a group added to the policy
- The user is a member of the power users group directly or indirectly
- The device is whitelisted
- The device is not controlled