How to setup a Symantec Endpoint Protection Manager administrator account to use Active Directory authentication
|Article:TECH104726|||||Created: 2008-01-15|||||Updated: 2012-03-02|||||Article URL http://www.symantec.com/docs/TECH104726|
This document describes how to use an Active Directory account and password to login to the Symantec Endpoint Protection Manager (SEPM).
To setup a SEPM administrator account to use Active Directory authentication, Steps A and B are required. Step A will configure the SEPM to communicate with the Active Directory server(s). Step B will configure a SEPM administrator account to use directory authentication. Repeat Step B for every account which needs to use Active Directory authentication.
Step A - Add the Active Directory Server to the SEPM:
- Login to the SEPM
- Click Admin > Servers
- Right-click your SEPM's name (top-left)
- Click Edit Properties
- Click Directory Servers > Add
- Enter a name to identify your Active Directory server
- Select Active Directory next to Server Type
- Enter the Active Directory server hostname or IP address
- Enter a username and password that the SEPM can use to communicate with the Active Directory server
- Click OK. The SEPM will test the Directory Server information which was entered to confirm it works properly.
Step B - Create a new SEPM Administrator account:
- Login to the SEPM
- Click Admin > Administrators > Add Administrator
- Enter a username for the new administrator account. This will be the username used to login to the SEPM.
- Enter a full name for the new administrator account. This is used for informational purposes only.
- Leave the Password and Confirm Password fields blank
- Click Change
- Select Directory Authentication
- In Directory Server, select the Active Directory server configured in Step A-6
- In Account Name, enter the account name as it appears in Active Directory
- Click OK
- Click OK
Testing the newly created account:
- Logoff the SEPM if logged in
- Use the username entered in Step B-3. Usernames are case sensitive.
- Use the Active Directory password for the Active Directory account specified in Step B-9.
- Leave the Domain field blank. (This field expects a SEPM domain and not an Active Directory domain)
Do not use the built-in SEPM "admin" account when setting up Active Directory Authentication, doing so can prevent logon access to SEPM with "Authentication Failure" error. Lockout issues can occur when changing the Active Directory account, upgrading Active Directory, changing Active Directory mode, and when removing SEPM(s) as a replication partner.
SEPM Active Directory Authentication is only supported for Admin accounts that have been created in SEPM by clicking "Add Administrator."
NOTE: The SEPM user name is taken from SEPM database while the password is taken from Active Directory for the account you specified in Account Name.
Article URL http://www.symantec.com/docs/TECH104726