Video Screencast Help

enabling location awareness for a user

Created: 10 Dec 2013 | 8 comments
przemek's picture

Hello
I am wonder is it posible enabling location awareness for a user which belong to group eg local administrator.
for example administrator can read writte on usb but normal user only read.
(every location have different police ADC )
I can assign location for user but i must know login this it is in registry
In same case especial in big envirometr is difficult to implement this so i think abut assign for group
But I haven't idea how to achive.

Operating Systems:

Comments 8 CommentsJump to latest comment

ᗺrian's picture

You can see the link here:

http://www.symantec.com/docs/HOWTO81170

The pourpose of this is that you can apply a different policy if they move to another location. Whether they are admin or not does not play a factor in to this

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

przemek's picture

hi

about location I know but how triger that user is administrator and change location?

when user is loged i chech registry (but than i must know every login

HLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\UserName

but don't know about group eg (local administrator)

ᗺrian's picture

Well to find out the location change, go to Monitors >> Logs, set the Log type to System and set the Log Content to Client Activity. Click the Advanced Settings link and set the Event type to Other evetns and in the Event Source box type SMC

Click OK and this you will see logs for Location Change. It doesn't give a username but does show the PC name.

I don't believe there is a very easy way to get this out of the SEPM nor does it show whether the user is an admin or what group they're apart of.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Beppe's picture

Hello,

just a clarification, you can't assign policies or change any setting to single SEP clients (computers or users), even for a single computer or user, you need to create a dedicated group for it and work on that group settings, policies, locations, etc.

Regards,

Giuseppe

przemek's picture

hello

Yes exactly.

I want give privilage for administrator to use usb (read writte) and another option but now focus on this.

and user use only usb to read on the same machine. This limitation is for security.

AravindKM's picture

You cannot have a SEP policy based on user's AD group/OS level access rights. I think the best way to achieve this is, create a group in SEPM and assign the ADC policy to allow read-write on USB drives. Whenever an admin needs to access USB device on the system, you can manually move the client to this group. Once everything is set, you can move back the client to its previous group.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

przemek's picture

Hi

Sometime your solution don't work eg  when laptop is outside company intranet and serwice desk should make backup data on USB.

Thanks for help probably I can't integerate location with local group

ᗺrian's picture

Do you need more assistance with your problem or were you able to get it resolved?

If you could post an update for followers of this thread that would be most helpful.

Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. If multiple posts helped to solve your problem, please click the "Request split solution" link at the bottom left, select the most helpful posts and click the "Submit" button. This will benefit admins looking for a resolution to the same problem.

Thanks and take care,
Brian

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.