Third Wall offers some user-based policies that may not appear to remove themselves as readily as the machine-based policies. This guide will explain Third Wall's operations in removing the user-based policy.
There are two distinct events which much occur before the affected user reports the policy is removed:
- A user must be signed on when the 'Third Wall Command' to remove the policy is run.
- Once the command is run with a signed on user, that user must sign out and back in to realize the release.
To accomplish this, Third Wall uses both commands and monitors to remove the policy
- Immediately after running an UNDO on the Location, Third Wall will send a command to all relevant computers in the location to remove the policy
- A monitor will run on all relevant computers in the location to support the removal. Any users signing in for 21 days after UNDO'ing the policy from the location will run the removal command
If you UNDO the policy at the location or except the policy for the computer, check the commands page in Automate for a 'Third Wall Command' that just issued. Once that command completes successfully, if the user is already signed onto the computer, that policy is lifted and all they need to do at this point is sign off and back on.
If the user isn't signed on when the 'Third Wall Command' runs, when they do, they'll still be under policy. That's because Third Wall can't make a change to the user environment until that user has signed in. Once they have, wait for the monitor to run. Once it does, it will see the new user and remove the policy for them. Again, they need to sign out, then back on.
You can always force this with the exception switch on the computer screen. If you've an impatient user on the phone needing the policy removed immediately, make sure they're signed onto the computer, then use the exception switch to force the UNDO command to run. If that policy is already excepted, remove the exception, then turn it back on. When you see the commands complete successfully, tell the user to sign out and back in. They're now released from policy.
These are the user-based policies in Third Wall:
Enable Password Protected ScreenSaver
Block Exe Running From %AppData% (application exceptions only)
Disable Office Macros from Internet
Restrict Local Administration Tools
Disable OLE in Office Documents