Video Screencast Help
Search Video Help Close Back
to help

Block users from disabling SEP 12.1 client

Created: 05 Feb 2013 | Updated: 06 Feb 2013 | 6 comments
Grandeco's picture
Grandeco
0 0 Votes
Login to vote
This issue has been solved. See solution.

Hi,

We're looking for a sollution to allow only admins with the password to disable the SEP client.
I have followed the guide to disabeling this function; but the result is not what i'm looking for.

 

How to prevent SEP features from being disabled in the client GUI in SEP 12.1

 

Allow Administrators to Disable SEP 12.1 on all Clients

 

The SEP GUI is password blocked, this prevents users from accessing the console.
I have also set the password to stop the client, however the password is never prompted when disabling from the tray.

After folowing these guides, it is no longer possible to disable the client from the tray (it's grayed out).
But it is also not possible to disable specific functions from within the gui.
When an admin logs on to the GUI I want them to have full control over all settings.

How do I force the password promt when disabling the client (from the tray), without blocking all settings in the GUI (which the user can't access anyway...) ?

 

Thank you,
Domien 

Discussion Filed Under:
, , , , , , , ,

Comments 6 CommentsJump to latest comment

Brian81's picture
Brian81 Trusted Advisor
Block users from disabling SEP 12.1 client - Comment:05 Feb 2013 : Link

have you seen this

How to block a user's ability to disable Symantec Endpoint Protection on Clients

Article:TECH102822  |  Created: 2007-01-05  |  Updated: 2012-07-02  |  Article URL http://www.symantec.com/docs/TECH102822

 

SEP Knowledge Base

Endpoint SWAT

0
Login to vote
  • Actions
Chetan Savade's picture
Chetan Savade Symantec Employee Technical Support Accredited
Block users from disabling SEP 12.1 client - Comment:05 Feb 2013 : Link

Hi Domein,

Q .How do I force the password promt when disabling the client (from the tray), without blocking all settings in the GUI (which the user can't access anyway...)

--> I believe it's not possible or it's not designed that way.

However you can raise an idea or put the product enhancement request.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&

SOLUTION
0
Login to vote
  • Actions
MASH1's picture
MASH1 Symantec Employee Accredited
Block users from disabling SEP 12.1 client - Comment:05 Feb 2013 : Link

 

Hi Grandeco,
 
The option to require a password to stop the client service refers to the 
Symantec Management Client service (smc.exe) and applies to the user attempting 
to stop the service by running the command line "smc -stop".
 
It does not apply to stopping services in the Services Control Manager 
including Symantec Endpoint Protection . (Although you are 
prevented by Tamper Protection from stopping smc because it greys out the 
options).  It also does not apply to disabling protection by right-clicking the 
shield icon.
 
To disable SEP from system tray you would need to use the article Brian has suggested.
http://www.symantec.com/business/support/index?page=content&id=TECH102822 .
 
After following the above article found that "The Disable Endpoint Protection " won't be grayed out if the User is logged in as an Administrator or a Local Admin.
 
- MASH

- MASH

+1
Login to vote
  • Actions
Sumit G's picture
Sumit G Partner
Block users from disabling SEP 12.1 client - Comment:05 Feb 2013 : Link

 

There is one more way the user able to disable the sep service through Services.msc.

Check the below step it can help to disable the service change

 

Please do the following:

  1. Open the Symantec Endpoint Protection Manager.
  2. Click the Clients tab.
  3. For any group, on the right hand side, select the Policies tab.
  4. In the Location-independent Policies and Settings, click General Settings.
  5. On the General Settings screen, click the Tamper Protection tab.
  6. Verify the option labeled "Protect Symantec security software from being tampered with or shut down."

If this is enabled, the option to stop the Symantec Management Client service (smcservice) from service control manager will be unavailable. If it is disabled, stopping smc from the service control manager is allowed.

http://service1.symantec.com/SUPPORT/ent-security....

Regards

Sumit G.

+1
Login to vote
  • Actions
Rafeeq's picture
Rafeeq
Block users from disabling SEP 12.1 client - Comment:05 Feb 2013 : Link

You can install the clients in user mode instead of computer mode.

Set password for normal clients. 

no password for admins. 

 

Understanding computer and user mode in Symantec Endpoint Protection 11.0

 

http://www.symantec.com/business/support/index?pag...

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

0
Login to vote
  • Actions
Grandeco's picture
Grandeco
Block users from disabling SEP 12.1 client - Comment:06 Feb 2013 : Link

Hi,

The issue is disabling the SEP client from within the users session, so logging out and logging back in as an administrator isn't what we're looking for.

The general idea is, users can't access the GUI nor disable the client.
The admin arrives, can go into the console and change any setting he wants, or disable the client in general. Both by using the password not known to the users.

For the moment I'll leave this as it is, I have filled the product feedback / feature request. 
 

Thank you all for your support !

Kind regards,
Domien

0
Login to vote
  • Actions