Changing the user control level

Article:HOWTO81223  |  Created: 2012-10-24  |  Updated: 2013-10-07  |  Article URL http://www.symantec.com/docs/HOWTO81223
Article Type
How To


Subject


Changing the user control level

You can determine whether or not certain protection technology features and client user interface settings are available for users to configure on the Symantec Endpoint Protection client. To determine which settings are available, you specify the user control level. The user control level determines whether the client can be completely invisible, display a partial set of features, or display a full user interface.

In Symantec Endpoint Protection releases prior to 12.1, a change from client control to server control causes all settings, regardless of their lock status, to revert to their server control default values the next time policies are distributed to clients. In 12.1, locks are in effect in all control modes. Unlocked settings behave as follows in server control and client control modes:

  • In Server Control, changes can be made to unlocked settings, but they are overwritten when the next policy is applied.

  • In Client Control, client-modified settings take precedence over server settings. They are not overwritten when the new policy is applied, unless the setting has been locked in the new policy.

Note:

The Symantec Network Access Control client only runs in server control. Users cannot configure any user interface settings.

Table: User control levels

User control level

Description

Server control

Gives the users the least control over the client. Server control locks the managed settings so that users cannot configure them.

Server control has the following characteristics:

  • Users cannot configure or enable firewall rules, application-specific settings, firewall settings, intrusion prevention settings, or Network Threat Protection and Client Management logs. You configure all the firewall rules and security settings for the client in Symantec Endpoint Protection Manager.

  • Users can view logs, the client's traffic history, and the list of applications that the client runs.

  • You can configure certain user interface settings and firewall notifications to appear or not appear on the client. For example, you can hide the client user interface.

The settings that you set to server control either appear dimmed or are not visible in the client user interface.

When you create a new location, the location is automatically set to server control.

Client control

Gives the users the most control over the client. Client control unlocks the managed settings so that users can configure them.

Client control has the following characteristics:

  • Users can configure or enable firewall rules, application-specific settings, firewall notifications, firewall settings, intrusion prevention settings, and client user interface settings.

  • The client ignores the firewall rules that you configure for the client.

You can give client control to the client computers that employees use in a remote location or a home location.

Mixed control

Gives the user a mixture of control over the client.

Mixed control has the following characteristics:

  • Users can configure the firewall rules and application-specific settings.

  • You can configure the firewall rules, which may or may not override the rules that users configure. The position of the server rules in the Rules list of the firewall policy determines whether server rules override client rules.

  • You can specify certain settings to be available or not available on the client for users to enable and configure. These settings include the Network Threat Protection logs, Client Management logs, firewall settings, intrusion prevention settings, and some user interface settings.

  • You can configure Virus and Spyware Protection settings to override the setting on the client, even if the setting is unlocked. For example, if you unlock the Auto-Protect feature and the user disables it, you can enable Auto-Protect.

The settings that you set to client control are available to the user. The settings that you set to server control either appear dimmed or are not visible in the client user interface.

See About mixed control.

Some managed settings have dependencies. For example, users may have permission to configure firewall rules, but cannot access the client user interface. Because users do not have access to the Configure Firewall Rules dialog box, they cannot create rules.

You can set a different user control level for each location.

Note:

Clients that run in client control or mixed control switch to server control when the server applies a Quarantine policy.

To change the user control level

  1. In the console, click Clients.

  2. Under View Clients, select the group whose location you want to modify.

  3. Click the Policies tab.

  4. Under Location-specific Policies and Settings, under the location you want to modify, expand Location-specific Settings.

  5. To the right of Client User Interface Control Settings, click Tasks > Edit Settings.

  6. In the Client User Interface Control Settings dialog box, do one of the following options:

    • Click Server control, and then click Customize.

      Configure any of the settings, and then click OK.

    • Click Client control.

    • Click Mixed control, and then click Customize.

      Configure any of the settings, and then click OK.

    • For the Symantec Network Access Control client, you can click Display the client and Display the notification area icon.

  7. Click OK.

See Configuring user interface settings.

See Locking and unlocking Virus and Spyware policy settings.


Legacy ID



v9510980_v81626096


Article URL http://www.symantec.com/docs/HOWTO81223


Terms of use for this information are found in Legal Notices