Privilege Authority Community Forum

Welcome to the Privilege Authority Community

PrivilegeAuthority is a product from ScriptLogic that allows administrators to elevate privileges for specific programs, windows features or ActiveX controls, without running every user as an administrator.

Privilege Authority provides a powerful, flexible way to tighten overall security on a workstation, without preventing people from doing their jobs. It is available from scriptlogic.com and other popular download sites as a Professional edition and a free community edition.

Professional edition includes additional security capabilities and technical support from ScriptLogic. This community is for all Privilege Authority users to collaborate, brainstorm new elevation rules, share rules with other users, and provide bug reports and enhancement requests back to ScriptLogic.

Unanswered Active Topics

Forums Search

Forums > Privilege Authority Community Forum > Community Technical Support

Rule Does Not Exist

Last Post 04 Oct 2011 09:40 PM by Don Reynolds (ScriptLogic). 8 Replies.

Sort:

	Prev Next
You are not authorized to post a reply.

Author

Messages

dave

New Member
Posts:1

15 Jul 2010 04:09 PM
I am using PA 1.2. My attempt for now is just to blow the client out to the users. I have file stored on a network share. I have created the software installation in GPMC and setup the GPO in PA. It wasnt working so I decided to test the rule. By the way I installed the client locally on my computer all ready and am testing the roll out on other computers. My results of the test are, Privilege Authority client installed, green check. Refresh Group Policy, green check. Check group policy object is present, green check. Finally, Check the rule exists, red X and message below says The Rule Does Not Exist. What am I missing? Thanks.

George Plummer (ScriptLogic) User is Offline

Posts:125

21 Jul 2010 10:06 AM
Could you send the log files after running the test? The log files can be located in the folder which is available under the Client menu option in the PA console. Thanks.

itm

New Member
Posts:1

02 Dec 2010 08:26 PM
Was there a fix for this person? I am having the same problem.

George Plummer (ScriptLogic) User is Offline

Posts:125

03 Dec 2010 03:35 AM
Can you turn on logging, zip up your log files and post them here?

Bengaul

New Member
Posts:16

25 May 2011 01:35 PM
Hi, I am having this problem, however, I also have a log file that I will gladly submit! Help anyone! 25/05 10:28:49.878 \| DeferredAction.h(214) \| 1556 \| NONE \| ************************* Log started *********************** 25/05 10:28:49.878 \| DeferredAction.h(214) \| 1556 \| DBG \| Stopping thread 1848 25/05 10:28:49.878 \| DeferredAction.h(169) \| 1848 \| DBG \| Stopped DoWork thread 1848 25/05 10:28:49.878 \| DeferredAction.h(222) \| 1556 \| DBG \| Thread 1848 is stopped 25/05 10:28:51.579 \| DeferredAction.h(206) \| 3228 \| NONE \| *********************** Log started *********************** 25/05 10:28:51.579 \| DeferredAction.h(206) \| 3228 \| DBG \| Thread 3188 is created for deferred action servicing 25/05 10:28:51.579 \| DeferredAction.h(164) \| 3188 \| DBG \| Started DoWork thread 3188 25/05 10:28:51.579 \| LogonMonitor.cpp(93) \| 3228 \| NONE \| CSEWLPackage is not loaded by winlogon - using SENS to detect users logon/logoff 25/05 10:28:51.590 \| LogonMonitor.cpp(287) \| 3228 \| NONE \| User logon detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 10:28:51.590 \| LogonMonitor.cpp(293) \| 3228 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 subscriber cookie=1 25/05 10:28:51.590 \| DeferredAction.h(206) \| 3228 \| DBG \| Thread 3208 is created for deferred action servicing 25/05 10:28:51.590 \| PolicyManager.cpp(158) \| 3228 \| NONE \| CPolicyManager::Refresh - starting 25/05 10:28:51.590 \| DeferredAction.h(164) \| 3208 \| DBG \| Started DoWork thread 3208 25/05 10:28:51.590 \| PolicyManager.cpp(174) \| 3228 \| NONE \| Activating the local machine policies 25/05 10:28:51.590 \| PolicyManager.cpp(261) \| 3228 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 10:28:51.590 \| PolicyManager.cpp(311) \| 3228 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 10:28:51.590 \| ActiveAction.cpp(65) \| 3228 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 10:28:51.590 \| PolicyManager.cpp(311) \| 3228 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 10:28:51.590 \| PolicyManager.cpp(311) \| 3228 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 10:28:51.590 \| ActiveAction.cpp(65) \| 3228 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 10:28:51.590 \| PolicyManager.cpp(311) \| 3228 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 10:28:51.590 \| PolicyManager.cpp(261) \| 3228 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 10:28:51.590 \| LogonMonitor.cpp(293) \| 3228 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 subscriber cookie=2 25/05 10:28:51.590 \| PolicyManager.cpp(205) \| 3228 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 10:28:51.590 \| PolicyManager.cpp(222) \| 3228 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 10:28:51.590 \| PolicyManager.cpp(261) \| 3228 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - starting 25/05 10:28:51.590 \| PolicyManager.cpp(261) \| 3228 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - succeeded (0 ms) 25/05 10:28:51.590 \| PolicyManager.cpp(261) \| 3228 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 10:28:51.590 \| PolicyManager.cpp(261) \| 3228 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 10:28:51.590 \| PolicyManager.cpp(205) \| 3228 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 10:28:51.590 \| PolicyManager.cpp(158) \| 3228 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 10:28:51.590 \| StartStopMonitor.cpp(74) \| 3228 \| NONE \| Firing 'CSEHostStartEvent' - starting 25/05 10:28:51.590 \| FsFilterLoader.cpp(96) \| 3228 \| NONE \| OnEvent - starting 25/05 10:28:51.590 \| FltDevRestrictionsManager.(51) \| 3228 \| DBG \| driver has default config - skip driver load 25/05 10:28:51.590 \| FsFilterLoader.cpp(96) \| 3228 \| NONE \| OnEvent - succeeded (0 ms) 25/05 10:28:51.590 \| StartStopMonitor.cpp(74) \| 3228 \| NONE \| Firing 'CSEHostStartEvent' - succeeded (0 ms) 25/05 10:29:12.904 \| SENSLogonSink.cpp(80) \| 3268 \| NONE \| OnUserLogoff WYCLIFFE\admin3 - starting 25/05 10:29:12.904 \| SENSLogonSink.cpp(80) \| 3268 \| NONE \| OnUserLogoff WYCLIFFE\admin3 - succeeded (0 ms) 25/05 10:29:16.586 \| LogonMonitor.cpp(287) \| 3188 \| NONE \| User logoff detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 10:29:16.586 \| PolicyManager.cpp(205) \| 3188 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 10:29:16.586 \| PolicyManager.cpp(205) \| 3188 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 10:29:27.936 \| LogonMonitor.cpp(287) \| 3188 \| NONE \| User logon detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 10:29:27.944 \| PolicyManager.cpp(205) \| 3188 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 10:29:27.944 \| PolicyManager.cpp(222) \| 3188 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 10:29:27.969 \| PolicyManager.cpp(261) \| 3188 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - starting 25/05 10:29:27.969 \| PolicyManager.cpp(261) \| 3188 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - succeeded (30 ms) 25/05 10:29:27.969 \| PolicyManager.cpp(261) \| 3188 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 10:29:27.969 \| PolicyManager.cpp(261) \| 3188 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 10:29:27.969 \| PolicyManager.cpp(205) \| 3188 \| NONE \| CPolicyManager:nLogonEvent - succeeded (40 ms) 25/05 10:29:27.969 \| SENSLogonSink.cpp(54) \| 3268 \| NONE \| OnUserLogon WYCLIFFE\huntj - starting 25/05 10:29:27.969 \| SENSLogonSink.cpp(54) \| 3268 \| NONE \| OnUserLogon WYCLIFFE\huntj - succeeded (0 ms) 25/05 10:33:49.479 \| SENSLogonSink.cpp(80) \| 3268 \| NONE \| OnUserLogoff WYCLIFFE\huntj - starting 25/05 10:33:49.479 \| SENSLogonSink.cpp(80) \| 3268 \| NONE \| OnUserLogoff WYCLIFFE\huntj - succeeded (0 ms) 25/05 10:33:53.485 \| LogonMonitor.cpp(287) \| 3188 \| NONE \| User logoff detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 10:33:53.485 \| PolicyManager.cpp(205) \| 3188 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 10:33:53.485 \| PolicyManager.cpp(205) \| 3188 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 10:33:56.209 \| DeferredAction.h(214) \| 3228 \| DBG \| Stopping thread 3188 25/05 10:33:56.209 \| DeferredAction.h(169) \| 3188 \| DBG \| Stopped DoWork thread 3188 25/05 10:33:56.209 \| DeferredAction.h(222) \| 3228 \| DBG \| Thread 3188 is stopped 25/05 10:34:24.867 \| DeferredAction.h(206) \| 1556 \| NONE \| *********************** Log started *********************** 25/05 10:34:24.867 \| DeferredAction.h(206) \| 1556 \| DBG \| Thread 1928 is created for deferred action servicing 25/05 10:34:24.867 \| DeferredAction.h(164) \| 1928 \| DBG \| Started DoWork thread 1928 25/05 10:34:24.867 \| LogonMonitor.cpp(93) \| 1556 \| NONE \| CSEWLPackage is not loaded by winlogon - using SENS to detect users logon/logoff 25/05 10:34:27.677 \| DeferredAction.h(206) \| 1556 \| DBG \| Thread 1980 is created for deferred action servicing 25/05 10:34:27.677 \| PolicyManager.cpp(158) \| 1556 \| NONE \| CPolicyManager::Refresh - starting 25/05 10:34:27.698 \| DeferredAction.h(164) \| 1980 \| DBG \| Started DoWork thread 1980 25/05 10:34:27.698 \| PolicyManager.cpp(174) \| 1556 \| NONE \| Activating the local machine policies 25/05 10:34:27.698 \| PolicyManager.cpp(261) \| 1556 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 10:34:27.718 \| PolicyManager.cpp(311) \| 1556 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 10:34:27.718 \| ActiveAction.cpp(65) \| 1556 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 10:34:27.728 \| PolicyManager.cpp(311) \| 1556 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (30 ms) 25/05 10:34:27.728 \| PolicyManager.cpp(311) \| 1556 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 10:34:27.758 \| ActiveAction.cpp(65) \| 1556 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 10:34:27.768 \| PolicyManager.cpp(311) \| 1556 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (40 ms) 25/05 10:34:27.768 \| PolicyManager.cpp(261) \| 1556 \| NONE \| ActivatePolicies: policySid='' - succeeded (70 ms) 25/05 10:34:27.788 \| PolicyManager.cpp(158) \| 1556 \| NONE \| CPolicyManager::Refresh - succeeded (110 ms) 25/05 10:34:27.788 \| StartStopMonitor.cpp(74) \| 1556 \| NONE \| Firing 'CSEHostStartEvent' - starting 25/05 10:34:27.798 \| FsFilterLoader.cpp(96) \| 1556 \| NONE \| OnEvent - starting 25/05 10:34:27.808 \| FltDevRestrictionsManager.(51) \| 1556 \| DBG \| driver has default config - skip driver load 25/05 10:34:27.808 \| FsFilterLoader.cpp(96) \| 1556 \| NONE \| OnEvent - succeeded (10 ms) 25/05 10:34:27.808 \| StartStopMonitor.cpp(74) \| 1556 \| NONE \| Firing 'CSEHostStartEvent' - succeeded (20 ms) 25/05 10:34:35.409 \| GPUpdateMonitor.cpp(197) \| 1980 \| DBG \| firing GPUpdate event for sid= 25/05 10:34:35.409 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - starting 25/05 10:34:35.409 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 10:34:35.409 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 10:34:35.409 \| PolicyManager.cpp(174) \| 1980 \| NONE \| Activating the local machine policies 25/05 10:34:35.409 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 10:34:35.409 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 10:34:35.409 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 10:34:35.409 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 10:34:35.409 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 10:34:35.409 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 10:34:35.409 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 10:34:35.409 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 10:34:35.409 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 10:34:35.409 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - starting 25/05 10:34:35.409 \| FltDevRestrictionsManager.(51) \| 1980 \| DBG \| driver has default config - skip driver load 25/05 10:34:35.409 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - succeeded (0 ms) 25/05 10:34:41.748 \| GPUpdateMonitor.cpp(197) \| 1980 \| DBG \| firing GPUpdate event for sid= 25/05 10:34:41.748 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - starting 25/05 10:34:41.748 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 10:34:41.748 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 10:34:41.748 \| PolicyManager.cpp(174) \| 1980 \| NONE \| Activating the local machine policies 25/05 10:34:41.748 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 10:34:41.748 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 10:34:41.748 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 10:34:41.748 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 10:34:41.748 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 10:34:41.748 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 10:34:41.748 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 10:34:41.748 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 10:34:41.748 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 10:34:41.748 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - starting 25/05 10:34:41.748 \| FltDevRestrictionsManager.(51) \| 1980 \| DBG \| driver has default config - skip driver load 25/05 10:34:41.748 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - succeeded (0 ms) 25/05 10:35:17.636 \| LogonMonitor.cpp(287) \| 1928 \| NONE \| User logon detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 10:35:17.636 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 10:35:17.646 \| PolicyManager.cpp(222) \| 1928 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 10:35:17.646 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - starting 25/05 10:35:17.686 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - succeeded (40 ms) 25/05 10:35:17.696 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 10:35:17.696 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (10 ms) 25/05 10:35:17.716 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - succeeded (81 ms) 25/05 10:35:17.716 \| SENSLogonSink.cpp(54) \| 516 \| NONE \| OnUserLogon WYCLIFFE\huntj - starting 25/05 10:35:17.736 \| SENSLogonSink.cpp(54) \| 516 \| NONE \| OnUserLogon WYCLIFFE\huntj - succeeded (0 ms) 25/05 11:03:20.418 \| SENSLogonSink.cpp(80) \| 1908 \| NONE \| OnUserLogoff WYCLIFFE\huntj - starting 25/05 11:03:20.418 \| SENSLogonSink.cpp(80) \| 1908 \| NONE \| OnUserLogoff WYCLIFFE\huntj - succeeded (0 ms) 25/05 11:03:24.424 \| LogonMonitor.cpp(287) \| 1928 \| NONE \| User logoff detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:03:24.424 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:03:24.424 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 11:03:44.823 \| LogonMonitor.cpp(287) \| 1928 \| NONE \| User logon detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 11:03:44.823 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:03:44.823 \| PolicyManager.cpp(222) \| 1928 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 11:03:44.823 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - starting 25/05 11:03:44.833 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - succeeded (10 ms) 25/05 11:03:44.833 \| SENSLogonSink.cpp(54) \| 1908 \| NONE \| OnUserLogon WYCLIFFE\admin3 - starting 25/05 11:03:44.833 \| SENSLogonSink.cpp(54) \| 1908 \| NONE \| OnUserLogon WYCLIFFE\admin3 - succeeded (0 ms) 25/05 11:03:44.833 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 11:03:44.833 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 11:03:44.843 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - succeeded (20 ms) 25/05 11:12:56.251 \| SENSLogonSink.cpp(80) \| 1908 \| NONE \| OnUserLogoff WYCLIFFE\admin3 - starting 25/05 11:12:56.251 \| SENSLogonSink.cpp(80) \| 1908 \| NONE \| OnUserLogoff WYCLIFFE\admin3 - succeeded (0 ms) 25/05 11:13:00.256 \| LogonMonitor.cpp(287) \| 1928 \| NONE \| User logoff detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 11:13:00.256 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:13:00.256 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 11:13:28.307 \| LogonMonitor.cpp(287) \| 1928 \| NONE \| User logon detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:13:28.307 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:13:28.307 \| PolicyManager.cpp(222) \| 1928 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:13:28.317 \| SENSLogonSink.cpp(54) \| 1908 \| NONE \| OnUserLogon WYCLIFFE\huntj - starting 25/05 11:13:28.317 \| SENSLogonSink.cpp(54) \| 1908 \| NONE \| OnUserLogon WYCLIFFE\huntj - succeeded (0 ms) 25/05 11:13:28.327 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - starting 25/05 11:13:28.327 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - succeeded (10 ms) 25/05 11:13:28.327 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 11:13:28.327 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 11:13:28.347 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - succeeded (40 ms) 25/05 11:24:15.599 \| GPUpdateMonitor.cpp(197) \| 1980 \| DBG \| firing GPUpdate event for sid= 25/05 11:24:15.599 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - starting 25/05 11:24:15.599 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:24:15.599 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:24:15.599 \| PolicyManager.cpp(174) \| 1980 \| NONE \| Activating the local machine policies 25/05 11:24:15.599 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 11:24:15.599 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 11:24:15.599 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:24:15.599 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 11:24:15.599 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 11:24:15.599 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:24:15.599 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 11:24:15.609 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - succeeded (10 ms) 25/05 11:24:15.609 \| LogonMonitor.cpp(293) \| 1980 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 subscriber cookie=2 25/05 11:24:15.609 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:24:15.609 \| PolicyManager.cpp(222) \| 1980 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:24:15.609 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - starting 25/05 11:24:15.609 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - succeeded (0 ms) 25/05 11:24:15.609 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 11:24:15.609 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 11:24:15.609 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 11:24:15.609 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - succeeded (10 ms) 25/05 11:24:15.609 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - starting 25/05 11:24:15.609 \| FltDevRestrictionsManager.(51) \| 1980 \| DBG \| driver has default config - skip driver load 25/05 11:24:15.609 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - succeeded (0 ms) 25/05 11:24:21.718 \| GPUpdateMonitor.cpp(197) \| 1980 \| DBG \| firing GPUpdate event for sid= 25/05 11:24:21.718 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - starting 25/05 11:24:21.718 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:24:21.718 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:24:21.718 \| PolicyManager.cpp(174) \| 1980 \| NONE \| Activating the local machine policies 25/05 11:24:21.718 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 11:24:21.718 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 11:24:21.718 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:24:21.718 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 11:24:21.718 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 11:24:21.718 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:24:21.718 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 11:24:21.718 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 11:24:21.718 \| LogonMonitor.cpp(293) \| 1980 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 subscriber cookie=2 25/05 11:24:21.718 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:24:21.718 \| PolicyManager.cpp(222) \| 1980 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:24:21.718 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - starting 25/05 11:24:21.718 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - succeeded (0 ms) 25/05 11:24:21.718 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 11:24:21.718 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 11:24:21.718 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 11:24:21.718 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 11:24:21.718 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - starting 25/05 11:24:21.718 \| FltDevRestrictionsManager.(51) \| 1980 \| DBG \| driver has default config - skip driver load 25/05 11:24:21.718 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - succeeded (0 ms) 25/05 11:25:44.908 \| GPUpdateMonitor.cpp(197) \| 1980 \| DBG \| firing GPUpdate event for sid= 25/05 11:25:44.908 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - starting 25/05 11:25:44.908 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:25:44.908 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:25:44.908 \| PolicyManager.cpp(174) \| 1980 \| NONE \| Activating the local machine policies 25/05 11:25:44.908 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 11:25:44.908 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 11:25:44.908 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:25:44.908 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 11:25:44.908 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 11:25:44.908 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:25:44.908 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 11:25:44.908 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 11:25:44.908 \| LogonMonitor.cpp(293) \| 1980 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 subscriber cookie=2 25/05 11:25:44.908 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:25:44.908 \| PolicyManager.cpp(222) \| 1980 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:25:44.908 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - starting 25/05 11:25:44.908 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - succeeded (0 ms) 25/05 11:25:44.908 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 11:25:44.908 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 11:25:44.908 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 11:25:44.908 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 11:25:44.908 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - starting 25/05 11:25:44.908 \| FltDevRestrictionsManager.(51) \| 1980 \| DBG \| driver has default config - skip driver load 25/05 11:25:44.908 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - succeeded (0 ms) 25/05 11:31:50.081 \| GPUpdateMonitor.cpp(197) \| 1980 \| DBG \| firing GPUpdate event for sid= 25/05 11:31:50.081 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - starting 25/05 11:31:50.081 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:31:50.081 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:31:50.081 \| PolicyManager.cpp(174) \| 1980 \| NONE \| Activating the local machine policies 25/05 11:31:50.081 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 11:31:50.081 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 11:31:50.081 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:31:50.081 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 11:31:50.081 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 11:31:50.081 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:31:50.081 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 11:31:50.081 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 11:31:50.081 \| LogonMonitor.cpp(293) \| 1980 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 subscriber cookie=2 25/05 11:31:50.081 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:31:50.081 \| PolicyManager.cpp(222) \| 1980 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:31:50.081 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - starting 25/05 11:31:50.081 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - succeeded (0 ms) 25/05 11:31:50.081 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 11:31:50.081 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 11:31:50.081 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 11:31:50.081 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 11:31:50.081 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - starting 25/05 11:31:50.091 \| FltDevRestrictionsManager.(51) \| 1980 \| DBG \| driver has default config - skip driver load 25/05 11:31:50.091 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - succeeded (10 ms) 25/05 11:32:41.775 \| GPUpdateMonitor.cpp(197) \| 1980 \| DBG \| firing GPUpdate event for sid= 25/05 11:32:41.775 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - starting 25/05 11:32:41.775 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:32:41.775 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:32:41.775 \| PolicyManager.cpp(174) \| 1980 \| NONE \| Activating the local machine policies 25/05 11:32:41.775 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 11:32:41.775 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 11:32:41.775 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:32:41.775 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 11:32:41.775 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 11:32:41.775 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:32:41.775 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 11:32:41.775 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 11:32:41.775 \| LogonMonitor.cpp(293) \| 1980 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 subscriber cookie=2 25/05 11:32:41.775 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:32:41.775 \| PolicyManager.cpp(222) \| 1980 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:32:41.775 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - starting 25/05 11:32:41.775 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - succeeded (0 ms) 25/05 11:32:41.775 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 11:32:41.785 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (10 ms) 25/05 11:32:41.785 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - succeeded (10 ms) 25/05 11:32:41.785 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - succeeded (10 ms) 25/05 11:32:41.785 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - starting 25/05 11:32:41.785 \| FltDevRestrictionsManager.(51) \| 1980 \| DBG \| driver has default config - skip driver load 25/05 11:32:41.785 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - succeeded (0 ms) 25/05 11:35:25.931 \| GPUpdateMonitor.cpp(197) \| 1980 \| DBG \| firing GPUpdate event for sid= 25/05 11:35:25.931 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - starting 25/05 11:35:25.931 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:35:25.931 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:35:25.931 \| PolicyManager.cpp(174) \| 1980 \| NONE \| Activating the local machine policies 25/05 11:35:25.931 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 11:35:25.931 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 11:35:25.931 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:35:25.931 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 11:35:25.931 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 11:35:25.931 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:35:25.931 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 11:35:25.931 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 11:35:25.931 \| LogonMonitor.cpp(293) \| 1980 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 subscriber cookie=2 25/05 11:35:25.931 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:35:25.931 \| PolicyManager.cpp(222) \| 1980 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:35:25.931 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - starting 25/05 11:35:25.931 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - succeeded (0 ms) 25/05 11:35:25.931 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 11:35:25.931 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 11:35:25.931 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 11:35:25.931 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 11:35:25.931 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - starting 25/05 11:35:25.931 \| FltDevRestrictionsManager.(51) \| 1980 \| DBG \| driver has default config - skip driver load 25/05 11:35:25.931 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - succeeded (0 ms) 25/05 11:40:24.165 \| SENSLogonSink.cpp(80) \| 1908 \| NONE \| OnUserLogoff WYCLIFFE\huntj - starting 25/05 11:40:24.165 \| SENSLogonSink.cpp(80) \| 1908 \| NONE \| OnUserLogoff WYCLIFFE\huntj - succeeded (0 ms) 25/05 11:40:28.171 \| LogonMonitor.cpp(287) \| 1928 \| NONE \| User logoff detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:40:28.171 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:40:28.171 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 11:44:33.793 \| LogonMonitor.cpp(287) \| 1928 \| NONE \| User logon detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 11:44:33.793 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:44:33.793 \| PolicyManager.cpp(222) \| 1928 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 11:44:33.793 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - starting 25/05 11:44:33.803 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - succeeded (10 ms) 25/05 11:44:33.803 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 11:44:33.813 \| SENSLogonSink.cpp(54) \| 1908 \| NONE \| OnUserLogon WYCLIFFE\admin3 - starting 25/05 11:44:33.813 \| SENSLogonSink.cpp(54) \| 1908 \| NONE \| OnUserLogon WYCLIFFE\admin3 - succeeded (10 ms) 25/05 11:44:33.813 \| PolicyManager.cpp(261) \| 1928 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (10 ms) 25/05 11:44:33.813 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - succeeded (20 ms) 25/05 11:45:59.632 \| GPUpdateMonitor.cpp(197) \| 1980 \| DBG \| firing GPUpdate event for sid= 25/05 11:45:59.632 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - starting 25/05 11:45:59.632 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:45:59.632 \| ActiveAction.cpp(81) \| 1980 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:45:59.632 \| PolicyManager.cpp(174) \| 1980 \| NONE \| Activating the local machine policies 25/05 11:45:59.632 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 11:45:59.632 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 11:45:59.632 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:45:59.632 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 11:45:59.632 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 11:45:59.632 \| ActiveAction.cpp(65) \| 1980 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:45:59.632 \| PolicyManager.cpp(311) \| 1980 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 11:45:59.632 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 11:45:59.632 \| LogonMonitor.cpp(293) \| 1980 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 subscriber cookie=2 25/05 11:45:59.632 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:45:59.632 \| PolicyManager.cpp(222) \| 1980 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 11:45:59.632 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - starting 25/05 11:45:59.632 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - succeeded (0 ms) 25/05 11:45:59.632 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 11:45:59.632 \| PolicyManager.cpp(261) \| 1980 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 11:45:59.632 \| PolicyManager.cpp(205) \| 1980 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 11:45:59.632 \| PolicyManager.cpp(158) \| 1980 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 11:45:59.632 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - starting 25/05 11:45:59.641 \| FltDevRestrictionsManager.(51) \| 1980 \| DBG \| driver has default config - skip driver load 25/05 11:45:59.641 \| FsFilterLoader.cpp(96) \| 1980 \| NONE \| OnEvent - succeeded (10 ms) 25/05 11:46:09.537 \| SENSLogonSink.cpp(80) \| 3984 \| NONE \| OnUserLogoff WYCLIFFE\admin3 - starting 25/05 11:46:09.537 \| SENSLogonSink.cpp(80) \| 3984 \| NONE \| OnUserLogoff WYCLIFFE\admin3 - succeeded (0 ms) 25/05 11:46:13.502 \| LogonMonitor.cpp(287) \| 1928 \| NONE \| User logoff detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 11:46:13.502 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:46:13.502 \| PolicyManager.cpp(205) \| 1928 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 11:46:16.887 \| DeferredAction.h(214) \| 1556 \| DBG \| Stopping thread 1928 25/05 11:46:16.887 \| DeferredAction.h(169) \| 1928 \| DBG \| Stopped DoWork thread 1928 25/05 11:46:16.887 \| DeferredAction.h(222) \| 1556 \| DBG \| Thread 1928 is stopped 25/05 11:46:55.612 \| DeferredAction.h(206) \| 1528 \| NONE \| *********************** Log started *********************** 25/05 11:46:55.623 \| DeferredAction.h(206) \| 1528 \| DBG \| Thread 1652 is created for deferred action servicing 25/05 11:46:55.623 \| DeferredAction.h(164) \| 1652 \| DBG \| Started DoWork thread 1652 25/05 11:46:55.623 \| LogonMonitor.cpp(93) \| 1528 \| NONE \| CSEWLPackage is not loaded by winlogon - using SENS to detect users logon/logoff 25/05 11:48:24.575 \| DeferredAction.h(206) \| 1528 \| DBG \| Thread 1800 is created for deferred action servicing 25/05 11:48:24.575 \| PolicyManager.cpp(158) \| 1528 \| NONE \| CPolicyManager::Refresh - starting 25/05 11:48:24.575 \| DeferredAction.h(164) \| 1800 \| DBG \| Started DoWork thread 1800 25/05 11:48:24.575 \| PolicyManager.cpp(174) \| 1528 \| NONE \| Activating the local machine policies 25/05 11:48:24.575 \| PolicyManager.cpp(261) \| 1528 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 11:48:24.575 \| PolicyManager.cpp(311) \| 1528 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 11:48:24.575 \| ActiveAction.cpp(65) \| 1528 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:48:24.575 \| PolicyManager.cpp(311) \| 1528 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 11:48:24.575 \| PolicyManager.cpp(311) \| 1528 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 11:48:24.575 \| ActiveAction.cpp(65) \| 1528 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:48:24.575 \| PolicyManager.cpp(311) \| 1528 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 11:48:24.575 \| PolicyManager.cpp(261) \| 1528 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 11:48:24.575 \| PolicyManager.cpp(158) \| 1528 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 11:48:24.575 \| StartStopMonitor.cpp(74) \| 1528 \| NONE \| Firing 'CSEHostStartEvent' - starting 25/05 11:48:24.586 \| FsFilterLoader.cpp(96) \| 1528 \| NONE \| OnEvent - starting 25/05 11:48:24.586 \| FltDevRestrictionsManager.(51) \| 1528 \| DBG \| driver has default config - skip driver load 25/05 11:48:24.586 \| FsFilterLoader.cpp(96) \| 1528 \| NONE \| OnEvent - succeeded (0 ms) 25/05 11:48:24.586 \| StartStopMonitor.cpp(74) \| 1528 \| NONE \| Firing 'CSEHostStartEvent' - succeeded (10 ms) 25/05 11:48:28.213 \| GPUpdateMonitor.cpp(197) \| 1800 \| DBG \| firing GPUpdate event for sid= 25/05 11:48:28.213 \| PolicyManager.cpp(158) \| 1800 \| NONE \| CPolicyManager::Refresh - starting 25/05 11:48:28.213 \| ActiveAction.cpp(81) \| 1800 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:48:28.223 \| ActiveAction.cpp(81) \| 1800 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:48:28.223 \| PolicyManager.cpp(174) \| 1800 \| NONE \| Activating the local machine policies 25/05 11:48:28.223 \| PolicyManager.cpp(261) \| 1800 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 11:48:28.223 \| PolicyManager.cpp(311) \| 1800 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 11:48:28.223 \| ActiveAction.cpp(65) \| 1800 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:48:28.223 \| PolicyManager.cpp(311) \| 1800 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 11:48:28.223 \| PolicyManager.cpp(311) \| 1800 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 11:48:28.223 \| ActiveAction.cpp(65) \| 1800 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:48:28.223 \| PolicyManager.cpp(311) \| 1800 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 11:48:28.223 \| PolicyManager.cpp(261) \| 1800 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 11:48:28.232 \| PolicyManager.cpp(158) \| 1800 \| NONE \| CPolicyManager::Refresh - succeeded (10 ms) 25/05 11:48:28.232 \| FsFilterLoader.cpp(96) \| 1800 \| NONE \| OnEvent - starting 25/05 11:48:28.232 \| FltDevRestrictionsManager.(51) \| 1800 \| DBG \| driver has default config - skip driver load 25/05 11:48:28.232 \| FsFilterLoader.cpp(96) \| 1800 \| NONE \| OnEvent - succeeded (0 ms) 25/05 11:48:33.872 \| GPUpdateMonitor.cpp(197) \| 1800 \| DBG \| firing GPUpdate event for sid= 25/05 11:48:33.872 \| PolicyManager.cpp(158) \| 1800 \| NONE \| CPolicyManager::Refresh - starting 25/05 11:48:33.872 \| ActiveAction.cpp(81) \| 1800 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:48:33.872 \| ActiveAction.cpp(81) \| 1800 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:48:33.872 \| PolicyManager.cpp(174) \| 1800 \| NONE \| Activating the local machine policies 25/05 11:48:33.872 \| PolicyManager.cpp(261) \| 1800 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 11:48:33.872 \| PolicyManager.cpp(311) \| 1800 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 11:48:33.872 \| ActiveAction.cpp(65) \| 1800 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:48:33.872 \| PolicyManager.cpp(311) \| 1800 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 11:48:33.872 \| PolicyManager.cpp(311) \| 1800 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 11:48:33.872 \| ActiveAction.cpp(65) \| 1800 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:48:33.872 \| PolicyManager.cpp(311) \| 1800 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 11:48:33.872 \| PolicyManager.cpp(261) \| 1800 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 11:48:33.872 \| PolicyManager.cpp(158) \| 1800 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 11:48:33.872 \| FsFilterLoader.cpp(96) \| 1800 \| NONE \| OnEvent - starting 25/05 11:48:33.872 \| FltDevRestrictionsManager.(51) \| 1800 \| DBG \| driver has default config - skip driver load 25/05 11:48:33.872 \| FsFilterLoader.cpp(96) \| 1800 \| NONE \| OnEvent - succeeded (0 ms) 25/05 11:48:41.153 \| LogonMonitor.cpp(287) \| 1652 \| NONE \| User logon detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:48:41.153 \| PolicyManager.cpp(205) \| 1652 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:48:41.153 \| PolicyManager.cpp(222) \| 1652 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:48:41.153 \| PolicyManager.cpp(261) \| 1652 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - starting 25/05 11:48:41.162 \| PolicyManager.cpp(261) \| 1652 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - succeeded (10 ms) 25/05 11:48:41.171 \| PolicyManager.cpp(261) \| 1652 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 11:48:41.171 \| PolicyManager.cpp(261) \| 1652 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (10 ms) 25/05 11:48:41.171 \| PolicyManager.cpp(205) \| 1652 \| NONE \| CPolicyManager:nLogonEvent - succeeded (20 ms) 25/05 11:48:41.179 \| SENSLogonSink.cpp(54) \| 2260 \| NONE \| OnUserLogon WYCLIFFE\huntj - starting 25/05 11:48:41.179 \| SENSLogonSink.cpp(54) \| 2260 \| NONE \| OnUserLogon WYCLIFFE\huntj - succeeded (0 ms) 25/05 11:51:18.765 \| GPUpdateMonitor.cpp(197) \| 1800 \| DBG \| firing GPUpdate event for sid= 25/05 11:51:18.765 \| PolicyManager.cpp(158) \| 1800 \| NONE \| CPolicyManager::Refresh - starting 25/05 11:51:18.765 \| ActiveAction.cpp(81) \| 1800 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:51:18.765 \| ActiveAction.cpp(81) \| 1800 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:51:18.765 \| PolicyManager.cpp(174) \| 1800 \| NONE \| Activating the local machine policies 25/05 11:51:18.765 \| PolicyManager.cpp(261) \| 1800 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 11:51:18.765 \| PolicyManager.cpp(311) \| 1800 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 11:51:18.765 \| ActiveAction.cpp(65) \| 1800 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 11:51:18.765 \| PolicyManager.cpp(311) \| 1800 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 11:51:18.765 \| PolicyManager.cpp(311) \| 1800 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 11:51:18.765 \| ActiveAction.cpp(65) \| 1800 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 11:51:18.765 \| PolicyManager.cpp(311) \| 1800 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 11:51:18.765 \| PolicyManager.cpp(261) \| 1800 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 11:51:18.765 \| LogonMonitor.cpp(293) \| 1800 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 subscriber cookie=2 25/05 11:51:18.765 \| PolicyManager.cpp(205) \| 1800 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:51:18.765 \| PolicyManager.cpp(222) \| 1800 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:51:18.765 \| PolicyManager.cpp(261) \| 1800 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - starting 25/05 11:51:18.765 \| PolicyManager.cpp(261) \| 1800 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5972' - succeeded (0 ms) 25/05 11:51:18.765 \| PolicyManager.cpp(261) \| 1800 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 11:51:18.765 \| PolicyManager.cpp(261) \| 1800 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 11:51:18.765 \| PolicyManager.cpp(205) \| 1800 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 11:51:18.765 \| PolicyManager.cpp(158) \| 1800 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 11:51:18.765 \| FsFilterLoader.cpp(96) \| 1800 \| NONE \| OnEvent - starting 25/05 11:51:18.765 \| FltDevRestrictionsManager.(51) \| 1800 \| DBG \| driver has default config - skip driver load 25/05 11:51:18.765 \| FsFilterLoader.cpp(96) \| 1800 \| NONE \| OnEvent - succeeded (0 ms) 25/05 11:59:49.097 \| SENSLogonSink.cpp(80) \| 1624 \| NONE \| OnUserLogoff WYCLIFFE\huntj - starting 25/05 11:59:49.097 \| SENSLogonSink.cpp(80) \| 1624 \| NONE \| OnUserLogoff WYCLIFFE\huntj - succeeded (0 ms) 25/05 11:59:53.102 \| LogonMonitor.cpp(287) \| 1652 \| NONE \| User logoff detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5972 25/05 11:59:53.102 \| PolicyManager.cpp(205) \| 1652 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 11:59:53.102 \| PolicyManager.cpp(205) \| 1652 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 12:02:09.459 \| SENSLogonSink.cpp(54) \| 1624 \| NONE \| OnUserLogon WYCLIFFE\admin3 - starting 25/05 12:02:09.459 \| LogonMonitor.cpp(287) \| 1652 \| NONE \| User logon detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 12:02:09.459 \| PolicyManager.cpp(205) \| 1652 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 12:02:09.459 \| SENSLogonSink.cpp(54) \| 1624 \| NONE \| OnUserLogon WYCLIFFE\admin3 - succeeded (0 ms) 25/05 12:02:09.459 \| PolicyManager.cpp(222) \| 1652 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 12:02:09.459 \| PolicyManager.cpp(261) \| 1652 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - starting 25/05 12:02:09.459 \| PolicyManager.cpp(261) \| 1652 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - succeeded (0 ms) 25/05 12:02:09.459 \| PolicyManager.cpp(261) \| 1652 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 12:02:09.459 \| PolicyManager.cpp(261) \| 1652 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 12:02:09.459 \| PolicyManager.cpp(205) \| 1652 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 12:12:57.247 \| SENSLogonSink.cpp(80) \| 4064 \| NONE \| OnUserLogoff WYCLIFFE\admin3 - starting 25/05 12:12:57.247 \| SENSLogonSink.cpp(80) \| 4064 \| NONE \| OnUserLogoff WYCLIFFE\admin3 - succeeded (0 ms) 25/05 12:13:01.252 \| LogonMonitor.cpp(287) \| 1652 \| NONE \| User logoff detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 12:13:01.252 \| PolicyManager.cpp(205) \| 1652 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 12:13:01.252 \| PolicyManager.cpp(205) \| 1652 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 12:13:13.220 \| DeferredAction.h(214) \| 1528 \| DBG \| Stopping thread 1652 25/05 12:13:13.220 \| DeferredAction.h(169) \| 1652 \| DBG \| Stopped DoWork thread 1652 25/05 12:13:13.220 \| DeferredAction.h(222) \| 1528 \| DBG \| Thread 1652 is stopped 25/05 12:13:49.005 \| DeferredAction.h(206) \| 1604 \| NONE \| *********************** Log started ************************* 25/05 12:13:49.005 \| DeferredAction.h(206) \| 1604 \| DBG \| Thread 1948 is created for deferred action servicing 25/05 12:13:49.005 \| DeferredAction.h(164) \| 1948 \| DBG \| Started DoWork thread 1948 25/05 12:13:49.005 \| LogonMonitor.cpp(93) \| 1604 \| NONE \| CSEWLPackage is not loaded by winlogon - using SENS to detect users logon/logoff 25/05 12:13:51.857 \| DeferredAction.h(206) \| 1604 \| DBG \| Thread 2016 is created for deferred action servicing 25/05 12:13:51.867 \| PolicyManager.cpp(158) \| 1604 \| NONE \| CPolicyManager::Refresh - starting 25/05 12:13:51.887 \| DeferredAction.h(164) \| 2016 \| DBG \| Started DoWork thread 2016 25/05 12:13:51.887 \| PolicyManager.cpp(174) \| 1604 \| NONE \| Activating the local machine policies 25/05 12:13:51.887 \| PolicyManager.cpp(261) \| 1604 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 12:13:51.907 \| PolicyManager.cpp(311) \| 1604 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 12:13:51.917 \| ActiveAction.cpp(65) \| 1604 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 12:13:51.917 \| PolicyManager.cpp(311) \| 1604 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (10 ms) 25/05 12:13:51.917 \| PolicyManager.cpp(311) \| 1604 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 12:13:51.917 \| ActiveAction.cpp(65) \| 1604 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 12:13:51.937 \| PolicyManager.cpp(311) \| 1604 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (20 ms) 25/05 12:13:51.937 \| PolicyManager.cpp(261) \| 1604 \| NONE \| ActivatePolicies: policySid='' - succeeded (50 ms) 25/05 12:13:51.947 \| PolicyManager.cpp(158) \| 1604 \| NONE \| CPolicyManager::Refresh - succeeded (80 ms) 25/05 12:13:51.957 \| StartStopMonitor.cpp(74) \| 1604 \| NONE \| Firing 'CSEHostStartEvent' - starting 25/05 12:13:51.967 \| FsFilterLoader.cpp(96) \| 1604 \| NONE \| OnEvent - starting 25/05 12:13:51.967 \| FltDevRestrictionsManager.(51) \| 1604 \| DBG \| driver has default config - skip driver load 25/05 12:13:51.967 \| FsFilterLoader.cpp(96) \| 1604 \| NONE \| OnEvent - succeeded (0 ms) 25/05 12:13:51.967 \| StartStopMonitor.cpp(74) \| 1604 \| NONE \| Firing 'CSEHostStartEvent' - succeeded (20 ms) 25/05 12:13:59.348 \| GPUpdateMonitor.cpp(197) \| 2016 \| DBG \| firing GPUpdate event for sid= 25/05 12:13:59.348 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - starting 25/05 12:13:59.348 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 12:13:59.358 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 12:13:59.358 \| PolicyManager.cpp(174) \| 2016 \| NONE \| Activating the local machine policies 25/05 12:13:59.358 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 12:13:59.358 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 12:13:59.358 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 12:13:59.358 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 12:13:59.358 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 12:13:59.358 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 12:13:59.358 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 12:13:59.358 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 12:13:59.358 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - succeeded (10 ms) 25/05 12:13:59.358 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - starting 25/05 12:13:59.358 \| FltDevRestrictionsManager.(51) \| 2016 \| DBG \| driver has default config - skip driver load 25/05 12:13:59.358 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - succeeded (0 ms) 25/05 12:14:15.232 \| GPUpdateMonitor.cpp(197) \| 2016 \| DBG \| firing GPUpdate event for sid= 25/05 12:14:15.232 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - starting 25/05 12:14:15.232 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 12:14:15.232 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 12:14:15.232 \| PolicyManager.cpp(174) \| 2016 \| NONE \| Activating the local machine policies 25/05 12:14:15.232 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 12:14:15.232 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 12:14:15.232 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 12:14:15.232 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 12:14:15.232 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 12:14:15.232 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 12:14:15.232 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 12:14:15.232 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 12:14:15.232 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 12:14:15.232 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - starting 25/05 12:14:15.232 \| FltDevRestrictionsManager.(51) \| 2016 \| DBG \| driver has default config - skip driver load 25/05 12:14:15.232 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - succeeded (0 ms) 25/05 12:17:00.980 \| LogonMonitor.cpp(287) \| 1948 \| NONE \| User logon detected: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 12:17:00.980 \| PolicyManager.cpp(205) \| 1948 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 12:17:01.000 \| PolicyManager.cpp(222) \| 1948 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 12:17:01.000 \| PolicyManager.cpp(261) \| 1948 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - starting 25/05 12:17:01.010 \| PolicyManager.cpp(261) \| 1948 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - succeeded (10 ms) 25/05 12:17:01.010 \| PolicyManager.cpp(261) \| 1948 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 12:17:01.010 \| PolicyManager.cpp(261) \| 1948 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 12:17:01.020 \| PolicyManager.cpp(205) \| 1948 \| NONE \| CPolicyManager:nLogonEvent - succeeded (40 ms) 25/05 12:17:01.020 \| SENSLogonSink.cpp(54) \| 1940 \| NONE \| OnUserLogon WYCLIFFE\admin3 - starting 25/05 12:17:01.030 \| SENSLogonSink.cpp(54) \| 1940 \| NONE \| OnUserLogon WYCLIFFE\admin3 - succeeded (10 ms) 25/05 12:25:44.964 \| GPUpdateMonitor.cpp(197) \| 2016 \| DBG \| firing GPUpdate event for sid= 25/05 12:25:44.964 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - starting 25/05 12:25:44.964 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 12:25:44.964 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 12:25:44.964 \| PolicyManager.cpp(174) \| 2016 \| NONE \| Activating the local machine policies 25/05 12:25:44.964 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 12:25:44.964 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 12:25:44.964 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 12:25:44.964 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 12:25:44.964 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 12:25:44.964 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 12:25:44.964 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 12:25:44.964 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 12:25:44.964 \| LogonMonitor.cpp(293) \| 2016 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 subscriber cookie=2 25/05 12:25:44.964 \| PolicyManager.cpp(205) \| 2016 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 12:25:44.964 \| PolicyManager.cpp(222) \| 2016 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 12:25:44.964 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - starting 25/05 12:25:44.964 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - succeeded (0 ms) 25/05 12:25:44.964 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 12:25:44.964 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 12:25:44.964 \| PolicyManager.cpp(205) \| 2016 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 12:25:44.964 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 12:25:44.964 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - starting 25/05 12:25:44.964 \| FltDevRestrictionsManager.(51) \| 2016 \| DBG \| driver has default config - skip driver load 25/05 12:25:44.964 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - succeeded (0 ms) 25/05 12:27:43.725 \| GPUpdateMonitor.cpp(197) \| 2016 \| DBG \| firing GPUpdate event for sid= 25/05 12:27:43.735 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - starting 25/05 12:27:43.735 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 12:27:43.735 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 12:27:43.735 \| PolicyManager.cpp(174) \| 2016 \| NONE \| Activating the local machine policies 25/05 12:27:43.735 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 12:27:43.735 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 12:27:43.735 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 12:27:43.735 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 12:27:43.735 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 12:27:43.735 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 12:27:43.735 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 12:27:43.735 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 12:27:43.735 \| LogonMonitor.cpp(293) \| 2016 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 subscriber cookie=2 25/05 12:27:43.735 \| PolicyManager.cpp(205) \| 2016 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 12:27:43.735 \| PolicyManager.cpp(222) \| 2016 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 12:27:43.735 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - starting 25/05 12:27:43.735 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - succeeded (0 ms) 25/05 12:27:43.735 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 12:27:43.735 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 12:27:43.735 \| PolicyManager.cpp(205) \| 2016 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 12:27:43.735 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 12:27:43.735 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - starting 25/05 12:27:43.735 \| FltDevRestrictionsManager.(51) \| 2016 \| DBG \| driver has default config - skip driver load 25/05 12:27:43.735 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - succeeded (0 ms) 25/05 12:30:35.722 \| GPUpdateMonitor.cpp(197) \| 2016 \| DBG \| firing GPUpdate event for sid= 25/05 12:30:35.722 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - starting 25/05 12:30:35.722 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 12:30:35.722 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 12:30:35.722 \| PolicyManager.cpp(174) \| 2016 \| NONE \| Activating the local machine policies 25/05 12:30:35.722 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 12:30:35.722 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 12:30:35.722 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 12:30:35.722 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 12:30:35.722 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 12:30:35.722 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 12:30:35.722 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 12:30:35.722 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 12:30:35.722 \| LogonMonitor.cpp(293) \| 2016 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 subscriber cookie=2 25/05 12:30:35.722 \| PolicyManager.cpp(205) \| 2016 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 12:30:35.722 \| PolicyManager.cpp(222) \| 2016 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 12:30:35.722 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - starting 25/05 12:30:35.722 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - succeeded (0 ms) 25/05 12:30:35.722 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 12:30:35.722 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 12:30:35.722 \| PolicyManager.cpp(205) \| 2016 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 12:30:35.722 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 12:30:35.722 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - starting 25/05 12:30:35.722 \| FltDevRestrictionsManager.(51) \| 2016 \| DBG \| driver has default config - skip driver load 25/05 12:30:35.722 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - succeeded (0 ms) 25/05 13:25:01.473 \| GPUpdateMonitor.cpp(197) \| 2016 \| DBG \| firing GPUpdate event for sid= 25/05 13:25:01.493 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - starting 25/05 13:25:01.493 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 13:25:01.493 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 13:25:01.493 \| PolicyManager.cpp(174) \| 2016 \| NONE \| Activating the local machine policies 25/05 13:25:01.493 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 13:25:01.493 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 13:25:01.493 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 13:25:01.493 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 13:25:01.493 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 13:25:01.493 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 13:25:01.493 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 13:25:01.493 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 13:25:01.493 \| LogonMonitor.cpp(293) \| 2016 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 subscriber cookie=2 25/05 13:25:01.493 \| PolicyManager.cpp(205) \| 2016 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 13:25:01.493 \| PolicyManager.cpp(222) \| 2016 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 13:25:01.493 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - starting 25/05 13:25:01.503 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - succeeded (10 ms) 25/05 13:25:01.503 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 13:25:01.503 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 13:25:01.503 \| PolicyManager.cpp(205) \| 2016 \| NONE \| CPolicyManager:nLogonEvent - succeeded (10 ms) 25/05 13:25:01.503 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - succeeded (10 ms) 25/05 13:25:01.503 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - starting 25/05 13:25:01.503 \| FltDevRestrictionsManager.(51) \| 2016 \| DBG \| driver has default config - skip driver load 25/05 13:25:01.503 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - succeeded (0 ms) 25/05 13:25:33.209 \| GPUpdateMonitor.cpp(197) \| 2016 \| DBG \| firing GPUpdate event for sid= 25/05 13:25:33.209 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - starting 25/05 13:25:33.209 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 13:25:33.209 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 13:25:33.209 \| PolicyManager.cpp(174) \| 2016 \| NONE \| Activating the local machine policies 25/05 13:25:33.209 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 13:25:33.209 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 13:25:33.209 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 13:25:33.209 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 13:25:33.209 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 13:25:33.209 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 13:25:33.209 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 13:25:33.209 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - succeeded (0 ms) 25/05 13:25:33.209 \| LogonMonitor.cpp(293) \| 2016 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 subscriber cookie=2 25/05 13:25:33.209 \| PolicyManager.cpp(205) \| 2016 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 13:25:33.209 \| PolicyManager.cpp(222) \| 2016 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 13:25:33.209 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - starting 25/05 13:25:33.209 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - succeeded (0 ms) 25/05 13:25:33.209 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 13:25:33.209 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 13:25:33.209 \| PolicyManager.cpp(205) \| 2016 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 13:25:33.209 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - succeeded (0 ms) 25/05 13:25:33.209 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - starting 25/05 13:25:33.209 \| FltDevRestrictionsManager.(51) \| 2016 \| DBG \| driver has default config - skip driver load 25/05 13:25:33.209 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - succeeded (0 ms) 25/05 13:30:34.746 \| GPUpdateMonitor.cpp(197) \| 2016 \| DBG \| firing GPUpdate event for sid= 25/05 13:30:34.746 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - starting 25/05 13:30:34.746 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 13:30:34.746 \| ActiveAction.cpp(81) \| 2016 \| NONE \| Deactivated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 13:30:34.746 \| PolicyManager.cpp(174) \| 2016 \| NONE \| Activating the local machine policies 25/05 13:30:34.746 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - starting 25/05 13:30:34.746 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - starting 25/05 13:30:34.746 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <Start-stop Monitor> Filter: <<none>>. 25/05 13:30:34.746 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=CSEStart - succeeded (0 ms) 25/05 13:30:34.756 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - starting 25/05 13:30:34.756 \| ActiveAction.cpp(65) \| 2016 \| NONE \| Activated: Action: <FS Filter Loader> On events from: <GPUpdate Monitor> Filter: <<none>>. 25/05 13:30:34.756 \| PolicyManager.cpp(311) \| 2016 \| NONE \| ActivateAction: policySid=; policyId={3B280287-F4AB-4270-ACD7-5E6ABE0C4BBE}; actionId=GPUpdate - succeeded (0 ms) 25/05 13:30:34.756 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='' - succeeded (10 ms) 25/05 13:30:34.756 \| LogonMonitor.cpp(293) \| 2016 \| DBG \| Firing logon event: sessionid=0 UserSID=S-1-5-21-2046305956-985427585-1233803906-5220 subscriber cookie=2 25/05 13:30:34.756 \| PolicyManager.cpp(205) \| 2016 \| NONE \| CPolicyManager:nLogonEvent - starting 25/05 13:30:34.756 \| PolicyManager.cpp(222) \| 2016 \| NONE \| Activating policies for user: sessionid=0 sid=S-1-5-21-2046305956-985427585-1233803906-5220 25/05 13:30:34.756 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - starting 25/05 13:30:34.756 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-5-21-2046305956-985427585-1233803906-5220' - succeeded (0 ms) 25/05 13:30:34.756 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - starting 25/05 13:30:34.756 \| PolicyManager.cpp(261) \| 2016 \| NONE \| ActivatePolicies: policySid='S-1-1-0' - succeeded (0 ms) 25/05 13:30:34.756 \| PolicyManager.cpp(205) \| 2016 \| NONE \| CPolicyManager:nLogonEvent - succeeded (0 ms) 25/05 13:30:34.756 \| PolicyManager.cpp(158) \| 2016 \| NONE \| CPolicyManager::Refresh - succeeded (10 ms) 25/05 13:30:34.756 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - starting 25/05 13:30:34.756 \| FltDevRestrictionsManager.(51) \| 2016 \| DBG \| driver has default config - skip driver load 25/05 13:30:34.756 \| FsFilterLoader.cpp(96) \| 2016 \| NONE \| OnEvent - succeeded (0 ms)

George Plummer (ScriptLogic) User is Offline

Posts:125

27 May 2011 06:18 AM
I am not sure what you problem is. Is it that the testing tool is reporting an error?

Bengaul

New Member
Posts:16

27 May 2011 08:18 AM
Hi, Yes, basically the rule is in place, and attached to a GP, that is linked to an OU. The computer in the OU goes through all the checks, and the tool gives me green checks all the way until the rule exists where I get a failure. The GP exists, an RSOP proves that, and the tool knows it. The rule is there on the server console, I have saved everything. It's driving me nuts. Not sure what log file to send as nothing is getting processed because the rule is not getting picked up! Help!

Bengaul

New Member
Posts:16

01 Jun 2011 09:30 AM
Anybody, anybody, bueller... Bump.

Don Reynolds (ScriptLogic) User is Offline

ScriptLogic
Posts:74

04 Oct 2011 09:40 PM
Hello Bengaul, In order for this to work in the test tool, the GPO with the rule must be applied to the user you are logged in with, not the computer (PA rules are currently user GPO settings, not machine GPO settings). If you log into an applicable client computer with an appropriate user account, does PA elevate the correct process for you? ~Don

You are not authorized to post a reply.

Forums > Privilege Authority Community Forum > Community Technical Support

Active Forums 4.2

Latest Topics

Wildcard Question 30 Apr 2012 02:23 PM
Rules Issues 18 Apr 2012 05:26 PM
404 error on Forum search? 11 Apr 2012 07:18 PM
Client MSI Deployment 28 Mar 2012 09:32 AM
Active X Installs not Working 23 Mar 2012 12:54 PM
can't download rules 22 Feb 2012 07:58 PM
Validation logic use group membership fails 22 Feb 2012 07:44 PM
Registry & .Bat Files Help. 09 Feb 2012 04:14 PM