Endpoint Protection

  • 1.  Create a SEPM User Name in AD

    Posted Jul 30, 2012 06:33 PM

    Hello,

    I have a question: is it recommended to create a user name in the Active Directory for Symantec End Point 12.1.1, and what permissions does it need?

    Thanks



  • 2.  RE: Create a SEPM User Name in AD

    Posted Jul 30, 2012 07:50 PM

    Hi,

    Creating a user in AD is simple, but with AD integration, the users of imported groups reappear in the SEPM console.

    The update is one-way, from AD to SEPM, and depends on which groups are imported and the users they contain.

     



  • 3.  RE: Create a SEPM User Name in AD

    Posted Jul 30, 2012 07:59 PM

    If you have AD integration, it's up to you; you can use your AD account to administer the SEPM. But if you have any issues with AD sync with SEPM later, you can't log in to the SEPM. So I suggest you use SEPM authentication instead of AD.

    Permission required for the Admin account created in AD for SEPM Administration:

    • Need to have domain admin privileges & local admin privileges

     

    About administrators

    http://www.symantec.com/docs/HOWTO27339

     


  • 4.  RE: Create a SEPM User Name in AD

    Posted Jul 30, 2012 08:36 PM

    Hope this helps.

    How to setup a SEPM administrator account to use your Active Directory authentication
    http://www.symantec.com/docs/TECH104726

     

    How to setup a SEPM administrator account to use your Active Directory authentication

    http://www.symantec.com/business/support/index?pag...

     

     Best practices when using Microsoft Active Directory as an LDAP source

    https://www-secure.symantec.com/connect/articles/best-practices-when-using-microsoft-active-directory-ldap-source

    Check this video as well

    https://www-secure.symantec.com/connect/videos/imp...



  • 5.  RE: Create a SEPM User Name in AD

    Posted Jul 31, 2012 12:37 AM

     

    Thanks

    The purpose of creating a user name for SEPM is to run as services.

    As you know, most of the time we are changing the Windows Administrator account password, so after that the SEPM service will stop.

     

    Note:

    I don't need to use AD authentication; I want to use the default one.



  • 6.  RE: Create a SEPM User Name in AD

    Posted Jul 31, 2012 01:00 AM

    Hi,

    While individual user accounts can run specific SEP processes when the user is permitted, the client is designed to run under the context of the SYSTEM account. This allows it to perform any function it needs without being limited by the rights of the logged-in user account. When the SYSTEM account permissions are revoked from the file system, registry or network rights, the context of the logged-in user account is attempted instead. If the user does not have the rights, the process fails.

    Note: If the Admin account does not see this behavior, i.e. everything appears to run as expected/normally, then comparison of the limited user permissions to the Admin account in respect to SEP registry and file system locations should be accomplished.

    Check this forum.

    https://www-secure.symantec.com/connect/forums/endpoint-protection-11-service-account-rights



     



  • 7.  RE: Create a SEPM User Name in AD

    Broadcom Employee
    Posted Jul 31, 2012 05:33 AM

    Hi,

    It's not possible to use both authentications, i.e. SEPM authentication & AD authentication.

    You will have to use either of them.

    If you are using AD authentication, the user must have login credentials in AD.

    You can promote the same idea: https://www-secure.symantec.com/connect/ideas/sepm-and-authentication



  • 8.  RE: Create a SEPM User Name in AD

    Posted Jul 31, 2012 05:55 AM

    You can create a normal user account with no password expiry. It is better if you can add this user account to the local admin group of the SEPM server.



  • 9.  RE: Create a SEPM User Name in AD

    Posted Jul 31, 2012 07:02 PM

    Make the main SEPM account with SEPM authentication, so you can recover the password anytime.

    If you want many users to administer the SEPM, create multiple and use AD integration, so even if your AD crashes you can manage your SEPM with the main admin, and you can integrate a new AD as well.

     

     

    If your issue is resolved, rate the best answers and mark them as resolved accordingly.