What log can help me determine why an application (MSI, etc.) was ALLOWED, ELEVATED or BLOCKED?

The log file you want to look in is %appdata%\local\PolicyPak\PolicyPak Least Privilege Manager and is called ppUser_Operational.log.

what-log-can-help-me-determine-why-an-application-msi-etc-was-allowed-elevated-or-blocked-0

Once you locate and open the PolicyPak Least Privilege Manager Operational Log… you are looking for the following highlighted items:

  1. Time / Date Stamp.
  2. The item which succeeded in being ALLOWED, ELEVATED, or BLOCKED.
  3. The POLICY OBJECT (GPO) name.
  4. The POLICY name (that is, the name you gave it inside PolicyPak Least Privilege Manager).
  5. The RESULT.

what-log-can-help-me-determine-why-an-application-msi-etc-was-allowed-elevated-or-blocked-1

Below, the top entry shows an application being denied (because SecureRun is enabled) and the bottom entry shows an application being allowed by using an EXE policy.

what-log-can-help-me-determine-why-an-application-msi-etc-was-allowed-elevated-or-blocked-2

Back