Hi all
How are you guys running your setup in regards to allowing service desk or others administrators access to the console.
My case is that we have around 60 persons in service desk (3 locations) and around 80 locations with local admins.
The service desk would like to have the ability to do the remote scan and poll some logs on all user clients and the locals admins shall have the access to move clients to exclusions group and perform other task on there own client(they are placed in a separate OU, there are one for every country)
I would like to have a account for all of them(assigned with there AD account), but there will be a lot of work and a good chance that I will assign something wrong. My groups are for the most part imported from our AD, so it's almost impossible to set the read/noaccess/fullaccess flag on all those groups and then furthermore have to do it on so many users.
My others though was to just make one account for our helpdesk and then look away regarding the audit :-(( :-)) But with the admins, I still would like that they had a personal account because of the extended rights to move a client around.
This could be solved if it was possible to move a client to another group from a SEP client, so they didn't needed to have access to the console. Like with the grc.dat file, here could you just take one that matched the group you wanted to join and drop it on the client.. Haven't found a way to do this on SEPM yet - anyone have a idea? :-)
Could really like some ínput in how to come by this as easy as possible:.))