Check that the user is managed by deviceTRUST

The deviceTRUST contextual security policy defines the users that will be managed by deviceTRUST. By default, this does not include members of the local administrators group.

To check if an unmanaged user has signed in, open the Windows Event Log on the remoting or DaaS host system and navigate to APPLICATION AND SERVICE LOGS\DEVICETRUST\ADMIN and look for Event ID 17.

An unmanaged user signed in


To change the list of managed users, open your active deviceTRUST contextual security policy and navigate to DEVICETRUST CONSOLE and click on the SETTINGS tab. Select LICENSING, navigate to the USERS tab and check that the user account is not configured in the UNMANAGED USERS directly or via a group membership.

Unmanaged Users


If deviceTRUST policies are still not applied to the user, check if the user account is a member of the local administrators group. To do this, start COMPUTER MANAGEMENT on the remoting or DaaS host system, navigate to SYSTEM TOOLS, select LOCAL USERS AND GROUPS and check that the user is not a member of the ADMINISTRATORS group.

Administrative Users