Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

SEPM Administrators.

Created: 21 Aug 2013 • Updated: 21 Aug 2013
Language Translations
Chetan Savade's picture
+5 5 Votes
Login to vote

Hello Everyone,

By default when you do a install of Symantec Endpoint Protection Manager an 'admin' account gets created with full access and permissions to all areas of Symantc Endpoint Protection Manager.

You use administrators to manage your company's organizational structure and network security. For a small company, you may only need one administrator. For a large company with multiple sites and domains, you most likely need multiple administrators, some of whom have more access rights than others.

You can create additional administrators as per business requirement.

To add new administrator first time you need to login with 'admin' account.

Go to the Admin--> Administrators --> Add an administrator

Untitled_0.png

In this demonstation I have created two more an administrators.

User1 - System administrator

User2 - Limited Administrator

Untitled1_4.png
 

By looking at an admin symbol you can gauge what kind of rights they have.

Untitled2_4.png

A system administrator can perform the following tasks:

  • Manage all domains.

  • Create and manage all other system administrator accounts, administrator accounts, and limited administrator accounts for all domains.

  • Manage the databases and management servers.

  • Manage Enforcers.

  • Can view and manage all console settings.

 

Untitled3_2.png

An administrator, who is also referred to as a domain administrator, can perform the following tasks:

  • Manage a single domain.

  • Create and manage administrator accounts and limited administrator accounts within a single domain.

    You can specify access rights to run reports and manage sites.

    See Configuring the access rights for a domain administrator.

    You can authorize administrators to fully manage a site through Site Rights, including the database and all servers for a site.

    Administrators who are fully authorized to manage a site can modify site rights for other administrators and limited administrators.

    Administrators cannot modify their own site rights. System administrators must perform this function.

    For administrators who are not authorized to manage a site through Site Rights, the administrator cannot modify site rights for other administrators and limited administrators.

  • Manage the password rights for limited administrators and other administrators who have equal or less restrictive access rights.

  • Cannot manage Enforcers.

 

 Untitled5_4.png

A limited administrator can be granted access to perform tasks within a single domain. These tasks include:

  • Run reports on specified computers, IP addresses, groups, and servers.

  • View Home, Monitors, and Reports pages in the console only if granted reporting rights.

  • Manage the groups within a single domain.

  • Remotely run commands on client computers.

  • Fully manage a site, or, view or manage the database or the selected servers for a site within a single domain.

  • View or manage installation packages.

  • Manage policies

    Limited administrators who do not have access to a specific policy and related settings cannot view or modify the policy. In addition, they cannot apply, replace, or withdraw a policy.

    See Configuring the access rights for a limited administrator.

  • Cannot create other limited administrator accounts.

    Only a system administrator or an administrator can create limited administrator accounts.

  • Manage the password rights for own account only.

 

If logged in as an administrator then license tab & Domain tab will not be listed.

Untitled6_2.png

If you do not want administrator to manged the single site then you can remove that access as well.

Go to the Admin --> Administrator --> Edit an administrator, in this example Edit User1 an administrator --> Access rights --> Site rights-> Select 'Not authorized to manage this site'

Untitled7_0.png

Now user1 won't get an access to Server tab,License tab & domain tab, check this screenshot.

Untitled8.png

In this demonstation we have created 'User2' as a limitead administrator. User2 is allowed to only managed installation packages.

Untitled10.png

After login User2 will be only able to see Administrator tab & Installation package.

In the administrator tab he will be able to see only his own account.

Untitled11_0.png

 

Helpful Articles:

About administrators

http://www.symantec.com/docs/HOWTO55478

Managing domains and administrator accounts

http://www.symantec.com/docs/HOWTO55094

Adding an administrator account

http://www.symantec.com/docs/HOWTO55403

About access rights

http://www.symantec.com/docs/HOWTO55041

Configuring the access rights for a limited administrator

http://www.symantec.com/docs/HOWTO55037

How to change Manage Group permissions for Limited Administrators in SEPM for multiple groups.

http://www.symantec.com/docs/TECH92651

Which administrator activities are logged in the Symantec Endpoint Protection Manager console?

http://www.symantec.com/docs/TECH141668

About administrator account roles and access rights (Endpoint Protection 12.1.2)

http://www.symantec.com/docs/HOWTO81226