Ensure that your deviceTRUST contextual security policy has been saved within the deviceTRUST Console and successfully deployed to the host system.
To check which policies are effective, open the Windows Event Log on the remoting or DaaS host system and navigate to APPLICATION AND SERVICE LOGS\DEVICETRUST\ADMIN and look for Event ID 3 which details the name of each policy and the timestamp that it was last modified.
The deployed policies
- User sessions get their deviceTRUST policies during login and are active until the session is logged out. If newer contextual security policies are deployed on the remoting or DaaS host during this time, they will not affect running user sessions, only new logins.
If the policy is not listed or does not have the expected timestamp, then firstly make sure that you have successfully saved the policy from within the deviceTRUST Console.
Save the policy
Next, the policy must be successfully deployed to the remoting or DaaS host system. The method used to deploy the policy depends upon the where the policy changes were saved.
When using local policy, no additional steps need to be taken to enable the updated contextual security policy for the deviceTRUST Agent.
Group Policy Object (GPO)
When using group policy, a Group Policy update should be forced on the remoting or DaaS host system to propagate an update of the contextual security policy. Of course, it is also possible to wait for the next group policy refresh, but for testing purposes this can be forced directly with a call to GPUPDATE /TARGET:COMPUTER /FORCE. After the updated contextual security policy is successfully deployed to the remoting or DaaS host system, the deviceTRUST Agent will use it immediately.
When using file-based policy, the updated contextual security policy is copied to the appropriate target directory as a file-based policy on the remoting or DaaS host system. After the updated file-based contextual security policy is copied to the target directory, the deviceTRUST Agent will use it immediately.