Accessing the User Tree

  1. Access the Control Manager management console.
  2. Navigate to Directories > Users/Endpoints.
  3. Go to Users > All.

A screen similar to the following appears:

Column Name



The name or email address of the user depending on the endpoint:

  • Computer/server: The most recent user who logged on and/or used the computer/server is identified as the current owner.

  • Mobile device: The email address associated with the mobile device is used to find the corresponding user in Active Directory. If the corresponding AD user cannot be found or if AD synchronization is not available, the email address is used as the current owner.


The Users > All node list all local users from various endpoints regardless of their duplicate status. Duplicate users having the same names can occur. Control Manager consolidates all endpoints from managed products having multiple local users.


If Active Directory integration is enabled, this corresponds to the name of the domain. Without Active Directory, the value in this column reflects the endpoint name/host name.


The user's direct reporting manager, as saved in Active Directory


The number of endpoints, which the user is currently logged on to or was the last one to log on.

Security Threats

The total number of threats logged in 90 days

Control Manager counts and consolidates detections having these types of threats:

  • Virus/Malware

  • Spyware/Grayware

  • Email content violation

  • Spam

  • Phishing email

  • Web violation

  • DLP incident

  • C&C callback

  • Behavior Monitoring violation

  • Firewall violation

  • Application violation

  • Suspicious file

  • Intrusion prevention event

  • Network content violation

For example, while Henry is the last user using endpoint us-mkt-dev1, there are 10 virus/malware detections and two web violations. Because Henry was the last one to use the endpoint, Henry's security threats count is 12.


If the network environment is not using Active Directory the following detections/violations for gateway products do not display: email content violation, phishing email, spam.

Security threats detected by endpoint products (example: OfficeScan) are tied to the last logon user of the endpoint. Security threats detected by gateway products (example: IWSVA) are tied to the user who triggered the detection.

Associated Policies

The number of policies assigned to endpoints, which the user is currently logged on to or was the last one to log on.