Not trying to hijack this thread, but a question on this:
Where exactly may I set the days that SEPM keeps the logs of Application & Device Control?
In practice, I want to know the files users have copied and devices that have been disabled.
In the SQL-Settings I have various possibilities as I see and have set up ("Management Server Log Settings", "Client Log Settings", "Risk Log Settings"). But none of these settings seems to correlate with the effective logged data I get presented after checking the logs.
Am I missing something there?