
Advantages and Disadvantages of Active Directory with Symantec Endpoint Protection Manager

Created: 05 Mar 2012 • Updated: 26 Mar 2012 | 3 comments
By Simpson Homer

Overview

As an optional feature, the Symantec Endpoint Protection Manager can be integrated with Active Directory. The Symantec Endpoint Protection Manager can import the organizational unit and account data and synchronize that data with Active Directory automatically. The administrator can then assign a group policy to an existing organizational unit, just as with a group.

An Organizational Unit is treated as a special type of group because the imported organizational unit and the accounts in that unit cannot be modified. However, the administrator can delete the organizational unit along with its data as a whole. Groups cannot be created under an Organizational Unit. The parent of an Organizational Unit can be a Group or an Organizational Unit. The administrator can select accounts from an Organizational Unit and move them to a specified group. For example, the administrator can create a group for remote users, move all of the remote users from their current organizational unit to the newly created group, and assign a group policy that is tailored for the remote users in that group.

Reference: http://www.symantec.com/business/support/index?page=content&id=TECH102546

Advantages:-

1) Easy management of clients: as PCs are joined to the domain, they *should* automatically move to the correct group.

2) Easy to know whether any clients have the SEP client installed or not.

3) User mode configuration works best with AD Sync.

4) AD sync is well suited to managing the groups in a network with more than 10k clients.

5) Find Unmanaged Computers: you can scan a whole range of IP addresses, which will find your computers. There is no need to specify any name; leave that blank. You can deploy as many clients as you want.

6) Migration and Deployment Wizard: click OK, Domain, click Add, supply domain admin credentials, and skip the offline clients. It will add all your machines (except the ones which cannot be contacted); then you can start the deployment on all of them at once.

7) GPO deployment can be done.

Disadvantages:-

1) A client cannot be moved from one group to another; this has to be done from Active Directory only.

2) If copied, the client remains available in the existing group as per the OU structure, but is also copied to the new group, where the policy from the new group is applied.

3) During the copy procedure, it’s possible that a single client may use more than 1 seat, causing over-deployment.

4) The mode cannot be switched manually.

5) Not easy to apply policies for various components.

6) Ideal only for large environments.

7) Imported Organizational Units are read-only. Data in the Organizational Unit cannot be changed manually.

 

Which of these advantages and disadvantages apply depends on how your AD structure is set up.
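The following is an added example, not part of the original article and not Symantec tooling. It illustrates advantage 2 (spotting domain computers with no SEP client) and disadvantage 3 (a copied client listed in more than one group, a candidate for using more than one seat). It assumes both lists have already been exported into simple name/OU and name/group records; all sample data and function names are constructed.

```python
from collections import defaultdict

# Constructed sample data (assumption: not a real SEPM or AD export format).
# Computers in the synchronized OUs: host name -> OU path.
AD_COMPUTERS = {
    "WS-001": "OU=Sales,DC=example,DC=local",
    "WS-002": "OU=Sales,DC=example,DC=local",
    "LT-010": "OU=Remote,DC=example,DC=local",
    "SRV-01": "OU=Servers,DC=example,DC=local",
}
# Clients known to the manager: (host name, group path).
SEPM_CLIENTS = [
    ("ws-001.example.local", r"My Company\Sales"),
    ("LT-010", r"My Company\Remote"),
    ("LT-010", r"My Company\Remote Users"),   # copied client, listed twice
    ("OLD-PC", r"My Company\Default Group"),  # client with no AD account
]


def normalize(name):
    """Compare host names case-insensitively and without a DNS suffix."""
    return name.strip().split(".")[0].upper()


def reconcile(ad_computers, sepm_clients):
    """Return hosts without a client, clients not in AD, and multi-group clients."""
    groups = defaultdict(set)
    for name, group in sepm_clients:
        groups[normalize(name)].add(group)
    managed = set(groups)
    ad_names = {normalize(name) for name in ad_computers}
    return {
        "no_client": sorted(ad_names - managed),
        "not_in_ad": sorted(managed - ad_names),
        "multiple_groups": {
            name: sorted(g) for name, g in sorted(groups.items()) if len(g) > 1
        },
    }


if __name__ == "__main__":
    report = reconcile(AD_COMPUTERS, SEPM_CLIENTS)
    print("In AD but no SEP client:", ", ".join(report["no_client"]))
    print("SEP client but not in AD:", ", ".join(report["not_in_ad"]))
    for host, listed in report["multiple_groups"].items():
        print(f"{host} is listed in {len(listed)} groups: {'; '.join(listed)}")
```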

References:-

https://www-secure.symantec.com/connect/forums/ad-ou-advantage-disadvantage-sepm

https://www-secure.symantec.com/connect/forums/sep-11-active-directory-integration-advantagesdisadvantages

http://www.symantec.com/business/support/index?page=content&id=TECH102546

https://www-secure.symantec.com/connect/forums/i-would-more-info-ad-sync-part-sepm

Comments

SUPPORT-2-SUPPORT

Here is what we really want...

Thanks Simpson....!!!

Regards,

S2S

 

Please don't forget to mark your thread solved with whatever answer helped you.

Ian_C.

Looks like real life experience documented here. Not just some theoretical 'this is how we believe it should work' seen many times from multiple vendors.

Please mark the post that best solves your problem as the answer to this thread.