Troubleshoot

Check Endpoint Privilege Management for Mac is Installed and Functioning

If you are having problems, the first step is to verify you have installed the client and the client is functioning.

  • Endpoint Privilege Management for Mac: The graphical interface of Endpoint Privilege Management for Mac on the toolbar for messages and end user interaction
  • defendpointd: The Endpoint Privilege Management for Mac daemon that manages interaction with Endpoint Privilege Management for Mac
  • dppolicyserverd: Manages policy and communicates with defendpointd
  • Custodian: Manages authentication as required by Endpoint Privilege Management for Mac

Check Settings are Deployed

Assuming Endpoint Privilege Management for Mac is installed and functioning, the next step is to verify you have deployed settings to the computer or user.

Check Endpoint Privilege Management for Mac is Licensed

One of the most common reasons for Endpoint Privilege Management for Mac not functioning, is the omission of a valid license from the Endpoint Privilege Management for Mac settings. If you create multiple policies, then you must ensure the computer or user receives at least one policy containing a valid license. To avoid problems, it is simpler to add a valid license to every set of Endpoint Privilege Management for Mac settings that you create.

Check Workstyle Precedence

Assuming Endpoint Privilege Management for Mac is functioning and licensed, most other problems are caused by configuration problems or Workstyle precedence problems.

Once an application matches an Application Group entry in the Application Rules, then processing will not continue for that application. Therefore, it is vital you order your entries correctly:

  • If you create multiple Workstyles, Workstyles higher in the list have a higher precedence.
  • If you have multiple rules in the Application Rules section of a Workstyle, entries higher in the list have a higher precedence.

Application Rules are applied to applications launched either directly by the user or by a running process.

If you have multiple policies applying to a user, computer, or both, then you should ensure policy precedence rules are not causing the problem. If multiple policies are applied to a computer or user, then Endpoint Privilege Management for Mac will apply the policies based on alphanumeric order with the precedence list in defendpoint.plist.