Video Screencast Help

How to block "Disable Symantec Endpoint Protection" in Taskbar icon.

Created: 29 Aug 2013 • Updated: 29 Aug 2013 | 11 comments
This issue has been solved. See solution.

In SEPM it is possible to prevent users from disabling SEP.

I did set a password on al the options and when i try to do something in the SEP interface, it asks for a password.

OK, i thought it was done. Only Administrators can disable SEP as said in de documentation.

But one option isn't blocked:

Untitled.jpg

A normal user can stop all the SEP options?

I did find out that only normal user are blocked.

Local Power Users are still able to stop SEP.

Because our Domain Users need local Power Users rights we have an problem.

 

Somebody solved this problem an can help me?

Kind Regards

Operating Systems:

Comments 11 CommentsJump to latest comment

Rafeeq's picture

follow this document

Local users with admin rights will still be able to disable it ( thats how it is now)

you can configure password to open sep interface, to stop service, to uninstall

How do you lock down SEP client interface so that end users cannot disable components or modify settings

http://www.symantec.com/docs/TECH136678

How to restrict users from making configuration changes to the Symantec Endpoint Protection client

http://www.symantec.com/docs/TECH102370

How to block a user's ability to disable Symantec Endpoint Protection on Clients

Article:TECH102822  |  Created: 2007-01-05  |  Updated: 2013-03-18  |  Article URLhttp://www.symantec.com/docs/TECH102822

 

Mithun Sanghavi's picture

Hello,

You can determine the level of interaction that you want users to have on the Symantec Endpoint Protection client. Choose which features are available for users to configure. For example, you can control the number of notifications that appear and limit users' ability to create firewall rules and virus and spyware scans. You can also give users full access to the user interface.

The features that users can customize for the user interface are called managed settings. The user does not have access to all the client features, such as password protection.

To determine the level of user interaction, you can customize the user interface in the following ways:

  • For virus and spyware settings, you can lock or unlock the settings.

  • For firewall settings, intrusion prevention settings, and for some client user interface settings, you can set the user control level and configure the associated settings.

  • You can password-protect the client.

To password-protect the client

  1. In the console, click Clients.

  2. Under Clients, select the group for which you want to set up password protection.

  3. On the Policies tab, under Location-independent Policies and Settings, click General Settings.

  4. Click Security Settings.

  5. On the Security Settings tab, choose any of the following check boxes:

    • Require a password to open the client user interface

    • Require a password to stop the client service

    •  Require a password to import or export a policy

    • Require a password to uninstall the client

  6. In the Password text box, type the password.

    The password is limited to 15 characters or less.

  7. In the Confirm password text box, type the password again.

  8. Click OK.

Check these Articles which may assist you with all the Information you are looking for:

How to prevent SEP features from being disabled in the client GUI in SEP 12.1

http://www.symantec.com/docs/TECH168990

How to block a user's ability to disable Symantec Endpoint Protection on Clients

How do you lock down SEP client interface so that end users cannot disable components or modify settings.

http://www.symantec.com/docs/TECH136678

How to restrict users from making configuration changes to the Symantec Endpoint Protection client.

http://www.symantec.com/docs/TECH102370

Again, Check this Thread:

https://www-secure.symantec.com/connect/forums/how-do-i-temporary-enable-users-ability-disable-symantec-endpoint-protection-clients

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

.Brian's picture

Go thru this link:

How to block a user's ability to disable Symantec Endpoint Protection on Clients

Article:TECH102822  |  Created: 2007-01-05  |  Updated: 2013-07-30  |  Article URL http://www.symantec.com/docs/TECH102822

 

Make sure the lock icons are closed in the Policies.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ambesh_444's picture

Check thises Symantec article's

How to block a user's ability to disable Symantec Endpoint Protection on Clients

Article:TECH102822  |  Created: 2007-01-05  |  Updated: 2013-03-19  |  Article URL http://www.symantec.com/docs/TECH102822

How do you lock down SEP client interface so that end users cannot disable components or modify settings.

Article:TECH136678  |  Created: 2010-01-26  |  Updated: 2011-03-10  |  Article URL http://www.symantec.com/docs/TECH136678
 

 

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

Vuilverwerking's picture

Thanx for all the quick reply's.

I had alread read al the other articles.

But one thing is not as it should be.

Documentation says: Only local admins can disable SEP.

Local Power Users are NOT local Adminstrator.

When i logon as local "User" at the workstation, the option "disable SEP" in the tray icon is greyed out.

When i logon as local "Power User" at the workstation, the option "disable SEP" in the tray icon is NOT greyed out.

Windows XP in Domain.

.Brian's picture

When SEP is disabled, open the GUI and check to see what components are actually disabled. It will show at the top. Let me know.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Vuilverwerking's picture

OK.

An little bit confused. Users greyed out, Power Users not.

It disabled only the firewall.

Now i have to find something to 'protect' the SEP firewall!  cheeky

 

Thanx for all your help!

Thanx Brian for the hint!

 

Capture1.JPG