Endpoint Protection

 View Only

  • 1.  Adding Users to SEPM console

    Posted Sep 08, 2009 05:11 AM
    Hi,

    we are using AD synchronization in SEPM to display computers in OU structures and to authenticate administrators in SEPM console.
    Every-time we add an Limited administrator account we have to manually set permissions on all Groups. New limited admin is granted automatically Full Access to all folders. In environment with 100 Groups it is really annoying to create new administrator account. Setting permission explicitly will be nice.

    Any idea how to change this? A workaround?

    Maybe Symantec should change that in their next release.

    Regards

    David


  • 2.  RE: Adding Users to SEPM console

    Posted Sep 08, 2009 06:25 AM

    A limited administrator can perform the following tasks:

    Perform tasks within a domain but cannot manage a domain.

    specific policy and related settings cannot view ormodify the policy. In addition, they cannot apply,replace, or withdraw a policy.

    Manages the reports, runs remote commands, and configures policies for specific groups within a single domain. Limited administrators who do not have access to a

    Cannot create other limited administrator accounts. Only a system administrator or an administrator can  configure the rights for the limited administrator.

    Manages the password rights for own account only.

                      


    Rather you can Create a System Administartor or  an Adminstartor account  ref to page no 72 and 73 of the admin guide
    Can view Home, Monitors, or Reports pages in the console only if given reporting rights                                                                                                           


  • 3.  RE: Adding Users to SEPM console

    Posted Sep 17, 2009 08:44 AM
    Hi,

    is not what i meant.

    Create new admin account. Select limited administrator and go to groups. We want only selected groups to be displayed for each admin.
    By default he has full access to every group. With 100 Groups it is not practical to set on every folder that he has no access.

    If you have "Full access" permission on a group you can run Import from AD and import OU (If this was not already imported) and then perform "Run a command" on clients like system reboot or full scan. Limited admin could potentially reboot servers in production. I see it as security risk.

    Do you have any idea how to work around it? 

    Regards

    DD



     


  • 4.  RE: Adding Users to SEPM console

    Posted Sep 17, 2009 09:10 AM
    As far as I know ,there is no such option in SEPM.

    YOu may add this under the ideas section. if They  consider they would impliment in next release.


  • 5.  RE: Adding Users to SEPM console

    Posted Sep 17, 2009 10:39 AM
    have you been browse the adding of administrator from the admin tab of your SEPM?


  • 6.  RE: Adding Users to SEPM console

    Posted Sep 17, 2009 10:54 AM
    You should go and add your support to:

    https://www-secure.symantec.com/connect/idea/group-rights-limited-administrator-accounts-change-all