block install or uninstall...
Created: 01 Oct 2012 | Updated: 19 Oct 2012 | 5 comments
This issue has been solved. See solution.
IS IT POSSIBLE TO AVOID USERS TO INSTALL/UNINSTALL USING SOME SEPM POLICY ?
Discussion Filed Under:
Comments 5 Comments • Jump to latest comment
Programs or SEP?
For SEP, you can set an uninstall password.
To block programs from installing, you can use an application and device control policy or System Lockdown:
How to configure Application Control in Symantec Endpoint Protection 11.0 : Configuring Application Control Policies
http://www.symantec.com/docs/TECH102525
How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage
http://www.symantec.com/docs/TECH97618
Secondly, Another way of doing it is using "system lockdown" to enable\disable applications; check this Article:
How to configure System Lockdown in Symantec Endpoint Protection 11.0
http://www.symantec.com/docs/TECH102526
SEP Knowledge Base
Endpoint SWAT
Hi,
It's possible with the help of SEPM policies but some pre-work is required.
SEPM should have data to compare which applications to allow and which not.
Monitoring applications and services that run on client computers
http://www.symantec.com/docs/HOWTO55218
How to configure System Lockdown in Symantec Endpoint Protection 11.0
http://www.symantec.com/docs/TECH102526
Also check following videos:
Learned Application : SEP 11
http://www.symantec.com/connect/videos/learned-app...
How to Block Exe files via Application and Device Policy with File Fingerprint
http://www.symantec.com/connect/videos/how-block-e...
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Yes you can configure SEPM ADC policy and blocked Uninstall and install Softwares
Configuring system lockdown.
http://www.symantec.com/business/support/index?page=content&id=HOWTO55130
Managing file fingerprint lists
http://www.symantec.com/business/support/index?page=content&id=HOWTO55133
Check this thread
https://www-secure.symantec.com/connect/forums/system-lock-down-policy
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Kindly define that what you want safe Symantec or other Product?
For the SEP avoidance then find the below step
In the console, click Clients.
Under Clients, select the group for which you want to set up password protection.
On the Policies tab, under Location-independent Policies and Settings, click General Settings.
Click Security Settings.
On the Security Settings tab, choose any of the following check boxes:
Require a password to open the client user interface
Require a password to stop the client service
Require a password to import or export a policy
Require a password to uninstall the client
In the Password text box, type the password.
The password is limited to 15 characters or less.
In the Confirm password text box, type the password again.
Click OK.
https://www-secure.symantec.com/connect/blogs/how-set-password-enable-usb-access-user-end
http://www.symantec.com/business/support/index?page=content&id=TECH102700
Hello,
You can determine the level of interaction that you want users to have on the Symantec Endpoint Protection client. Choose which features are available for users to configure. For example, you can control the number of notifications that appear and limit users' ability to create firewall rules and virus and spyware scans. You can also give users full access to the user interface.
The features that users can customize for the user interface are called managed settings. The user does not have access to all the client features, such as password protection.
To determine the level of user interaction, you can customize the user interface in the following ways:
For virus and spyware settings, you can lock or unlock the settings.
For firewall settings, intrusion prevention settings, and for some client user interface settings, you can set the user control level and configure the associated settings.
You can password-protect the client.
To password-protect the client
In the console, click Clients.
Under Clients, select the group for which you want to set up password protection.
On the Policies tab, under Location-independent Policies and Settings, click General Settings.
Click Security Settings.
On the Security Settings tab, choose any of the following check boxes:
Require a password to open the client user interface
Require a password to stop the client service
Require a password to import or export a policy
Require a password to uninstall the client
In the Password text box, type the password.
The password is limited to 15 characters or less.
In the Confirm password text box, type the password again.
Click OK.
Check these Articles which may helps you with all the Information you are looking for:
How do you lock down SEP client interface so that end users cannot disable components or modify settings.
http://www.symantec.com/docs/TECH136678
How to block a user's ability to disable Symantec Endpoint Protection on Clients
http://www.symantec.com/docs/TECH102822
How to restrict users from making configuration changes to the Symantec Endpoint Protection client.
http://www.symantec.com/docs/TECH102370
Hope this helps!!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Would you like to reply?
Login or Register to post your comment.