Issue:

Does Policy Manager create and maintain an audit log for user and admin activity? For example, for these events:

- User login / logoff
- Host deletion / add / rename events
- Policy sub-domain deletion / add / rename events
- Change of policy settings

Resolution:

The Policy Manager Server logs can be found in the following folder:

C:\Program Files (x86)\F-Secure\Management Server 5\logs

The user login actions are recorded in fspms-users.log. The log does not show the full user name, only the User ID. To get the full user name, a query must be performed using the H2Console. The H2Console is not enabled by default, so it will need to be enabled before you can run the query.

How to enable H2Console:

Note: Please back up your registry before making any registry changes.

1. Open Registry Editor (regedit)
2. Navigate to the key for your version:
   - Policy Manager 15: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\Management Server 5\
   - Policy Manager 16: HKLM\SOFTWARE\WithSecure\Policy Manager\Policy Manager Server
3. Edit "additional_java_args"
4. Add parameter: -Dh2ConsoleEnabled=true
5. Close Registry Editor and restart the Policy Manager Server service by running the command line commands net stop fsms and net start fsms (net stop wspms and net start wspms for Policy Manager 16)

How to open H2Console and run query:

1. Open a browser and go to https://localhost:8080
2. Click the H2Console link
3. Type in query: SELECT * FROM users;
4. Click Run (Ctrl+Enter) to run the query

You will receive a result showing which user names correspond to which User ID.

Changes made to policy settings are saved in fspms-policy-audit.log.

Changes made to the Policy domain computers/servers or specifically changes made to the policy domain structure are saved in fspms-domain-tree-audit.log.

Another log to look into is fspms-active-directory-rules.log.
For example, if an AD synchronization rule was executed and the host with the unique ID 4d896695-8de1-4f96-9c29-0ebd2bb60418 was moved into a domain, the following is logged:

20.06.2022 17:59:01,276 INFO [activeDirectoryRules] - Starting to process manually triggered rule [ruleId=5, domainController='LDAP://<domain name>', containerDn='OU=<OU name>,DC=<partial domain name>,DC=<partial domain name>', containerGuid='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', targetDomainId=<policy domain ID>, enabled=true]
20.06.2022 17:59:01,386 INFO [activeDirectoryRules] - 1 hosts found in Active Directory, 0 of them unmanaged
20.06.2022 17:59:01,388 INFO [activeDirectoryRules] - Domain <policy domain name> updated
20.06.2022 17:59:01,390 INFO [activeDirectoryRules] - Host having identity 4d896695-8de1-4f96-9c29-0ebd2bb60418 moved
20.06.2022 17:59:01,416 INFO [activeDirectoryRules] - Rule was successfully processed

Q: How to find out who deleted a policy sub-domain in Policy Manager Console?

A: This information is available in fspms-domain-tree-audit.log. Below is an example where a sub-domain called test was added and immediately deleted.

05.12.2019 09:44:17,785 INFO [audit.domainTree] - User 'admin' added domain test (id=76) to domain Root (id=1)
05.12.2019 09:44:23,615 INFO [audit.domainTree] - User 'admin' deleted domain test (id=76)
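
To answer the same question across a whole fspms-domain-tree-audit.log, the following Python script (an added example, not part of the original article or of Policy Manager) lists every deleted sub-domain with the user who deleted it, pairing each deletion with the earlier "added" event for the same domain id. It assumes the line layout of the two sample lines above; the function names parse_events and deletions are hypothetical, and lines in any other message format are skipped.

```python
import re
from datetime import datetime

# Constructed sample: the two audit lines quoted above plus one line in another format.
SAMPLE_LOG = """\
05.12.2019 09:44:17,785 INFO [audit.domainTree] - User 'admin' added domain test (id=76) to domain Root (id=1)
05.12.2019 09:44:20,101 INFO [audit.domainTree] - (constructed line in another format, skipped)
05.12.2019 09:44:23,615 INFO [audit.domainTree] - User 'admin' deleted domain test (id=76)
"""

# Matches only the two message forms shown on the page (added / deleted domain).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2},\d{3}) +INFO +\[audit\.domainTree\] - "
    r"User '(?P<user>[^']*)' (?P<action>added|deleted) domain (?P<name>.+?) \(id=(?P<id>\d+)\)"
    r"(?: to domain (?P<parent>.+?) \(id=(?P<parent_id>\d+)\))?$"
)

def parse_events(text):
    """Return one dict per recognised audit line; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d.%m.%Y %H:%M:%S,%f")
        ev["id"] = int(ev["id"])
        events.append(ev)
    return events

def deletions(events):
    """Pair each deletion with the earlier 'added' event for the same domain id."""
    added, report = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "added":
            added[ev["id"]] = ev
            continue
        origin = added.get(ev["id"])  # None if the add is outside this log file
        report.append({
            "domain": ev["name"], "id": ev["id"],
            "deleted_by": ev["user"], "deleted_at": ev["ts"],
            "parent": origin["parent"] if origin else None,
            "added_by": origin["user"] if origin else None,
            "lifetime_s": (ev["ts"] - origin["ts"]).total_seconds() if origin else None,
        })
    return report

if __name__ == "__main__":
    for row in deletions(parse_events(SAMPLE_LOG)):
        print(row)
```

To run it against a real log, read the file from the logs folder named above and pass its text to parse_events in place of SAMPLE_LOG.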