Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

Adding Users to SEPM console

Updated: 21 May 2010 | 5 comments
DD01's picture
DD01
0 0 Votes
Login to vote

Hi,

we are using AD synchronization in SEPM to display computers in OU structures and to authenticate administrators in SEPM console.
Every-time we add an Limited administrator account we have to manually set permissions on all Groups. New limited admin is granted automatically Full Access to all folders. In environment with 100 Groups it is really annoying to create new administrator account. Setting permission explicitly will be nice.

Any idea how to change this? A workaround?

Maybe Symantec should change that in their next release.

Regards

David

Discussion Filed Under:
, ,

Comments

Prachand's picture
08
Sep
2009
0 Votes 0
Login to vote
Prachand
Trusted Advisor

A limited administrator can

A limited administrator can perform the following tasks:

Perform tasks within a domain but cannot manage a domain.

specific policy and related settings cannot view ormodify the policy. In addition, they cannot apply,replace, or withdraw a policy.

Manages the reports, runs remote commands, and configures policies for specific groups within a single domain. Limited administrators who do not have access to a

Cannot create other limited administrator accounts. Only a system administrator or an administrator can  configure the rights for the limited administrator.

Manages the password rights for own account only.

                  

Rather you can Create a System Administartor or  an Adminstartor account  ref to page no 72 and 73 of the admin guide
Can view Home, Monitors, or Reports pages in the console only if given reporting rights                                                                                                           

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

DD01's picture
17
Sep
2009
0 Votes 0
Login to vote
DD01

Hi, is not what i

Hi,

is not what i meant.

Create new admin account. Select limited administrator and go to groups. We want only selected groups to be displayed for each admin.
By default he has full access to every group. With 100 Groups it is not practical to set on every folder that he has no access.

If you have "Full access" permission on a group you can run Import from AD and import OU (If this was not already imported) and then perform "Run a command" on clients like system reboot or full scan. Limited admin could potentially reboot servers in production. I see it as security risk.

Do you have any idea how to work around it? 

Regards

DD

 

Rafeeq's picture
17
Sep
2009
0 Votes 0
Login to vote
Rafeeq

Hi

As far as I know ,there is no such option in SEPM.

YOu may add this under the ideas section. if They  consider they would impliment in next release.

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

Peterpan's picture
17
Sep
2009
0 Votes 0
Login to vote
Peterpan

have you been browse the

have you been browse the adding of administrator from the admin tab of your SEPM?

:-)

Jeremy Dundon's picture
17
Sep
2009
0 Votes 0
Login to vote
Jeremy Dundon
Symantec Employee
Accredited

This has been posted in the Ideas forum already.

You should go and add your support to:

https://www-secure.symantec.com/connect/idea/group-rights-limited-administrator-accounts-change-all
 

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,017