Troubleshoot

Check Privilege Management for Mac is Installed and Functioning

If you are having problems, the first step is to verify you have installed the client and the client is functioning.

  • Privilege Management for Mac: The graphical interface of Privilege Management for Mac on the toolbar for messages and end user interaction
  • defendpointd: The Privilege Management for Mac daemon that manages interaction with Privilege Management for Mac
  • dppolicyserverd: Manages policy and communicates with defendpointd
  • Custodian: Manages authentication as required by Privilege Management for Mac

The Privilege Management for Mac service requires MSXML6 in order to load the Privilege Management for Mac settings, but the service will still run even if MSXML6 is not present.

Windows 7 and Windows Server 2008 R2 already include MSXML6.

Check Settings are Deployed

Assuming Privilege Management for Mac is installed and functioning, the next step is to verify you have deployed settings to the computer or user.

Check Privilege Management for Mac is Licensed

One of the most common reasons for Privilege Management for Mac not functioning, is the omission of a valid license from the Privilege Management for Mac settings. If you create multiple policies, then you must ensure the computer or user receives at least one policy containing a valid license. To avoid problems, it is simpler to add a valid license to every set of Privilege Management for Mac settings that you create.

Check Workstyle Precedence

Assuming Privilege Management for Mac is functioning and licensed, most other problems are caused by configuration problems or Workstyle precedence problems.

Once an application matches an Application Group entry in the Application Rules, then processing will not continue for that application. Therefore, it is vital you order your entries correctly:

  • If you create multiple Workstyles, Workstyles higher in the list have a higher precedence.
  • If you have multiple rules in the Application Rules section of a Workstyle, entries higher in the list have a higher precedence.

Application Rules are applied to applications launched either directly by the user or by a running process.

If you have multiple policies applying to a user, computer, or both, then you should ensure policy precedence rules are not causing the problem. If multiple policies are applied to a computer or user, then Privilege Management for Mac will apply the policies based on alphanumeric order with the precedence list in defendpoint.plist.