Screencasts - Hilfsvideos

SEPM: LiveUpdate policy: limited/normal users are not able to change the LiveUpdate schedule

Created: 05 Sept. 2012 • Aktualisiert: 15 Okt. 2012 | 4 Kommentare
das Bild der LUE500s
10 Zustimmen
0 Nicht zustimmen
+10 10 Stimmen
Bitte loggen Sie sich ein, um abzustimmen
Status: Alternative Lösung

We require settings which allow notebook users to change the schedule for LiveUpdate.

In SEP Manager the LiveUpdate policy is configured to update the content from SEP Manager and Symantec's LiveUpdate Servers.

The schedule is configured and "Allow the user to modify the LiveUpdate schedule" is enabled.

The users are not able to modify the LiveUpdate settings.

In the GUI under "Change Settings" the "Client management" feature is greyed out. "Your administrator has locked this feature"

This seems to be related to the same problem with the firewall settings.

New fixes and features in Symantec Endpoint Protection 12.1 Release Update 1 Maintenance Patch 1

http://www.symantec.com/docs/TECH187656

Normal user cannot disable the firewall

Fix ID: 2563429

Symptom: A normal/limited user is unable to enable or disable Network Threat Protection on the SEP client. The option to enable/disable NTP is checked in the SEPM policy.

Solution: The SEP client was modified to allow limited/normal users to enable or disable NTP based on the policy setting. NOTE: Guest users cannot enable/disable NTP, regardless of the policy.

Please modify the SEP client that limited/normal users have the ability to modify the LiveUpdate schedule as well.

For security reasons we cannot give users admin rights just to change a schedule for content updates.

Thanks in advance.

Kommentare KommentareZum neuesten Kommentar

das Bild der paul_ods

Hi there,

I don't think this is planned for at present.

However if this doesn't get accepted for whatever reason what I'd personally like to see is the removal of the ambiguity. It would be better if the SEPM screen said something like:

"Allow a power user or local Administrator to modify the LiveUpdate schedule".

0
Bitte loggen Sie sich ein, um abzustimmen
das Bild der Elishas

Thanks for your idea.  Can you give me a use case for why users need to change the LiveUpdate schedule?  Is there an issue you are currently having by not allowing user to change this schedule?

0
Bitte loggen Sie sich ein, um abzustimmen
das Bild der LUE500s

Hi Elisha,

Flextime, time abroad, shift work, work from home, different connections (Mobile, Broadband) etc..
Of course we could use continious LiveUpdate, but if a user is connecting via Mobile (3G, GPRS) on a
business trip (Roaming), we don't "need" to run LU for example.

+3
Bitte loggen Sie sich ein, um abzustimmen
das Bild der Elishas

There are two options in the current product to handle this use case:

1. Use location awareness.  When the user is not connected to SEPM then have LU run.  When the user is connected to SEPM then have updated come from SEPM.  In this mode when the user is not connected to SEPM you can give the user full control of LU.  And when the client is connected to SEPM then you can control LU.

2. Use the "LiveUpdate runs only if the client is disconnected from SEP for more than X minutes/hours"

LiveUpdate.png
0
Bitte loggen Sie sich ein, um abzustimmen