Video Screencast Help

Exception of User to the applied policy

Created: 12 Feb 2013 • Updated: 13 Feb 2013 | 10 comments
kintachi's picture
This issue has been solved. See solution.

Hi,

    I just want to know if there is a way to exempt user mode in the policy?

Discussion Filed Under:

Comments 10 CommentsJump to latest comment

Ashish-Sharma's picture

HI,

Please clear your answer ?

Please check this thread as per my understanding your question

https://www-secure.symantec.com/connect/forums/need-help-sepm-firewall-policies-single-clients

Thanks In Advance

Ashish Sharma

 

 

Sumit G's picture

Use can set the password to remove the user interferance

Securing the Symantec Endpoint Protection (SEP) client user interface and settings.

Article:TECH185903  |  Created: 2012-04-05  |  Updated: 2012-05-12  |  Article URL http://www.symantec.com/docs/TECH185903

 

How to block a user's ability to disable Symantec Endpoint Protection on Clients

Article:TECH102822  |  Created: 2007-01-05  |  Updated: 2012-07-02  |  Article URL http://www.symantec.com/docs/TECH102822

 

Regards

Sumit G.

Vikram Kumar-SAV to SEP's picture

Policy is applied on groups..so it cannot exclude or include user/computer.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Mithun Sanghavi's picture

Hello,

I agree. Policies are applied to the groups and the SEP computers reporting to these groups.

Are these Clients installed in User Mode or Computer Mode?

If incase, they are in User Mode, try Switching a client between user mode and computer mode.

Secondly, check this Article:

Symantec Endpoint Protection 11.x and 12.1 User Mode Considerations: Client Mode Registration explained

http://www.symantec.com/docs/TECH157004

I would recommend you import active directory users and apply them to groups for this situation to work the best.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

kintachi's picture

Hi Mithun,

    Most of the clients are installed in user mode. I just want to know if there is a way to exempt a user from the applied policy. Here's the scenario. I applied application control, I blocked a certain application. And as an admin, I want to exempt myself to the said policy.

SebastianZ's picture

Well, that's the point of using user mode - for example if there is a particular user A that has assigned the Application control policy you speak of, and there is the administrator that does not have this policy assigned. If you log out the user A, and log in as the Administrator the policy will not apply as it is a different user.

http://www.symantec.com/docs/TECH102686

https://www-secure.symantec.com/connect/forums/com...

 

...as per above articles:

User mode:
The policies change, depending on which user is logged on to the client. The policy follows the user.

SOLUTION
Mithun Sanghavi's picture

Hello,

I agree with Sabestian's comment above.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

kintachi's picture

Hi All,

    Is there any article that clears the issue of exempting user mode on the policy? Thanks.

SebastianZ's picture

Have a look at these - maybe will be helpful to you:

When does the Symantec Endpoint Protection client switch to user mode?

http://www.symantec.com/docs/TECH147033

https://www-secure.symantec.com/connect/forums/rea...

Switching a client between user mode and computer mode

http://www.symantec.com/docs/HOWTO80734

kintachi's picture

Hi All,

I need some clarification. All of our clients are set to User Mode. We have machineA that under Group A, and that group has the policy of firefox blocking. When we login to machineA using UserA, we are unable to use firefox, and that is correct. When we try to login UserB to machineB that under Group B (without policy of firefox blocking), we are able to use firefox. When we try again to login to machineB using UserA, still we are unable to use firefox. And when we try to login to machineB using UserC, we inherit the policy of UserA. Why UserC inherit the policy of UserA, though UserC is under another group that no policy of firefox blocking?  (I hope you understand my explanation, sorry)

Thanks.