Endpoint Protection

 View Only

  • 1.  Alternative admin logins

    Posted May 26, 2009 02:17 PM

    Two questions:

     

    • Are logins to the SEPM console logged anywhere? So if I want to see what action was taken under a particular login can I look to a log file?
       
    • Can you restrict, at the group level, what an administrator can do? IE. the admin can scan and update clients, but cannot delete or create new groups?
       
    I need our Desktop group to have a login and they need to be able to perform some functions, but I dont want them to be able to create groups, or worse yet delete groups.

    Thanks


  • 2.  RE: Alternative admin logins
    Best Answer

    Posted May 26, 2009 02:34 PM
    Hi,

          This is the file where you would find information about the SEPM login.

    imagebrowser image



    There are three types of administrators:








    ■ System administrator
    ■ Administrator
    ■ Limited administrator

    System administrators have full capabilities throughout the network they
    administer. They are the equivalent of superusers. In a system with multiple
    domains, a system administrator can administer any domain. System
    administrators see only those administrators administering the domain they are
    administrating.

    Administrators have limited capabalities, specified by the administrators that
    create them. An administrator can administer only the domain in which he was
    created.

    System administrator tasks
    You can centrally manage administrators from the Admin page. When the
    Administrators button is selected, the View pane shows all administrators who
    are managing the domain into which the administrator is logged. This includes
    all system administrator, administrators, and limited administrators.

    System administrator tasks include:

    ■ Renaming an administrator
    ■ Changing an administrator's password
    ■ Editing an administrator's properties
    ■ Removing an administrator
    ■ Adding an administrator
    Setting up administrative accounts
    About the types of administrators




    Administrator tasks

    You can centrally manage administrators from the Admin page. When the
    Administrators button is selected, the View pane shows all administrators in your
    domain.
    Administrator tasks include:
    ■ Renaming an administrator
    ■ Changing an administrator's password
    ■ Editing an administrator's properties
    ■ Removing an administrator
    ■ Adding an administrator



  • 3.  RE: Alternative admin logins

    Posted May 26, 2009 02:39 PM
    Here is a screenshot of the limited admin group rights.

    imagebrowser image


  • 4.  RE: Alternative admin logins

    Posted May 26, 2009 02:48 PM
    The problem with the limited administrator is that you cant manage the control at the GROUP level.  For example. If I create a limited administrator, I can only grant them Full Control, No access or Read Only. However, thats not granular enough. I want to be able to limited the actions that they can take even further. I do not want them to have the ability to synch with AD for example, or delete a group.
    That is the kind of granularity I am looking for. I need to give the desktop and/or the helpdesk  teams some control over what they can do, but I also have to have some control over the damage that they can do.



  • 5.  RE: Alternative admin logins

    Posted May 26, 2009 03:43 PM
    How about the log file when someone connects through the web console?