Video Screencast Help

Re-enable Application and Device Control on client

Created: 22 Dec 2011 • Updated: 22 Dec 2011 | 2 comments

Hi all,

I noticed in SEP 12.1 the option for a client to enable/disable Application and Device Control under Change Settings | Client Management | Configure Settings | checkbox.  I know it can be set so they cannot change it; but It's a good troubleshooting option.  If a user disables it, how can it be re-enabled "automatically"?  It's not good that they can disable it and leave it disabled while they are working.  I waited for the heartbeat and then even manually updated the policy; but the option stays disabled.  Is there a registry value that can be remotely set to enable it?

Thanks.

Comments 2 CommentsJump to latest comment

.Brian's picture

I've looked at this but I've only found it possible to re-enable by checking the box in the settings than letting policy replicate, than unchecking again and letting policy replicate....again.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

thromada's picture

I just submitted this idea:

Problem: In SEP 12.1, it's not good that a client can disable the Application and Device Control policy and leave it disabled while they are working.

Steps to recreate problem: On a SEP 12.1 client, go to Change Settings | Client Management | Configure Settings | checkbox for Enable Application and Device Control.

More info: I know policy can be set so they cannot change it; but It's a good troubleshooting option.  The problem is if a user disables it, it will stay disabled.

Idea: Make the option similar to the firewall enable/disable time features so the admin can set Application and Device Control to automatically re-enable after a period of timel; and also a number of times a user is permitted to disable it.  For example, in SEPM, click Clients | My Company | Policies tab | Location-specific Settings | Server Control | Customize.  Under the Network Threat Protection section there "time" and "number of times" options for the firewall.  The section for Proactive Threat Protection should have the same time features as Network Threat Protection.