Columns in Results Panel/Custom Report, Device Control

You can control how column information for log entries is displayed in the Results panel from the Template settings dialog.

The following table describes the log entry information for columns in the Results panel and custom reports.

Ellipses […] in the Results panel indicate hidden log entries. For example, if you group a set of results using the value in one column, then multiple values in other columns, the results are shown as […].

Column	Description
Attachment	Shows that shadowed content is viewable.
Audit Event	Shows the type of event that triggered the audit log.
Audit Type	Shows the type of action the administrator performed.
Computer	Shows name of the computer where device access was requested.
Count	Shows how many log entries are hidden in a single row, accompanied by a grouping symbol displayed on the column header. Alternatively, this may be a computed column of data.
Device Class	Shows the name of the device class.
Device Model	Shows the manufacturer name for the device.
File Ext	Shows the type of file extension.
File Name	Shows the file name accessed on the device.
File Name (full)	Shows the full name (including path) of the file accessed on the device.
File Path	Shows the path to the file on the device.
File Type	Indicates whether the file relates to a script or an application, for example Executable or Script.
Hash	Shows the digital signature of the file, created by SHA-1 (Secure Hash Algorithm -1) that differentiate files with the same name.
Managed Device Name	Shows the device name defined in the Device Explorer module.
Model Id	Shows the device model that a user performed and action on.
NT Account Name	Shows the domain user name of the person who triggered the event, for example MARVIN/johns or LocalSystem.
Other	Shows information that may contain the access mask, DVD/CD serial number details, additional information, or parameters.
Process Name	Describes the process used for device access.
Reason	Indicates whether device access was granted or denied. This can have a value of No Permission, Granted or Denied.
SID	Shows the secondary identifier for the user, for example S-1-5-21-647365748-5676349349-7385635473-1645. This is useful for tracing actions recorded in log files to users who have left an organization.
Size	Shows the size of the shadowed file.
Target	Shows the device for which the permissions were modified.
Target Computer	Shows the computer name that was the target of the administrator action.
Target User	Shows of the user or group name that the administrator action was applied to.
Traced On (Console time)	Records the date the event occurred on the console computer.
Traced On (Endpoint time)	Records the date the event occurred on the client computer.
Traced On (UTC)	Records the date (Coordinated Universal Time) the event occurred on the client computer.
Transferred On (Console)	Records the date the event record was transferred from the client computer to the Application Server.
Transferred On (UTC)	Records the date (Coordinated Universal Time) the event record was transferred from the client computer to the Application Server.
Type	Shows the type of event that triggered the log action such as the type of audit event.
Unique ID	Shows the serial number for the device the user performed an action on.
User	Shows the user name that triggered the event. For users removed from the Active Directory, this field also displays the SID, enabling identification of users who have left an organization.
Volume Label	Shows the volume tag for the event that is logged.
X.500 User Name	Shows the user name in Lightweight Directory Access Protocol format. This reflects the directory tree in which the user information is stored, for example, the X.500 user name may be CN=John Doe, CN=Users, DC=Jane and so forth.

Columns with names starting with Count, Min, Max, Sum and Average may also be displayed. These contain computed data based on the values in the columns specified for Computed Columns.