Application Control Policy User Based Targeting not working
Problem
An application control policy is applied by a User filter to specific (or all) users, but the policy does not take effect after a machine reboots, loses connectivity to the network, or at all. The issue is with using the "Applied to Users" from Symantec. Machines clear user based application control policies on a machine reboot or after losing network connectivity.
An example of a poorly configured policy:
Machine with policy before reboot:
Machine without policy after reboot and no network connectivity:
Solution
By using an Arellia User Context Filter and using that filter as an include only parameter on an application policy and applying that policy to all computers, the policy will always be on the computer and only be applied to users in the user context filter regardless of network connectivity or restarting a computer.
Steps:
- To create a user context filter, navigate to Arellia > Application Control > Filters > User Context
- Right-click on User Context and select New > User Context Filter
- Rename the User Context filter appropriately, then click Select next to User groups (Or Built-in accounts, Well-known accounts)
- Select the appropriate groups the filter should include
- Save the User Context Filter
- Navigate to the Application Control Policy that needs to be applied to only certain users
- Click Select any mandatory filters that these applications must match next to Include only
- Select the newly created User Context Filter
- Save the Application Control Policy
The application control policy will now only get applied to users in the context filter.