What is a one sentence summary of your feature request?
Extend the Effective Rights Criteria form in Endpoint Protector to include a group filter, so administrators can export a single report showing all CAP applied to computers or users within a selected group.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
The Effective Rights section already allows administrators to view applied Device Control and Content Aware Protection policies, with export options filtered by rights, users, computers, and device types. However, it currently lacks the ability to scope a report to a specific group.
In some of our customer, CAP policies are applied at the group level, but individual exceptions, such as allowing one or two machines in a restricted group to transmit files to external vendors, are added at the computer or user level over time. As these exceptions accumulate, there is no efficient way to see which members of a group are operating under different rights than the rest.
Adding a group filter to the Effective Rights Criteria form would allow administrators to select a group and immediately generate a consolidated report showing each member’s effective policy status, with exceptions clearly surfaced. This would significantly reduce audit preparation time, lower the risk of undetected misconfigurations, and give administrators an at-a-glance view of policy drift within any group.
How do you currently solve the challenges you have by not having this feature?
Because the Effective Rights export does not support group-scoped filtering, administrators must manually open and cross-reference individual policies to determine which computers or users within a group have been excluded from the group-level CAP. This is slow, error-prone, and does not scale, particularly during compliance audits where both accuracy and speed are critical.
