Endpoint Protection

In SEPM it is possible to prevent users from disabling SEP.

I did set a password on al the options and when i try to do something in the SEP interface, it asks for a password.

OK, i thought it was done. Only Administrators can disable SEP as said in de documentation.

But one option isn't blocked:

A normal user can stop all the SEP options?

I did find out that only normal user are blocked.

Local Power Users are still able to stop SEP.

Because our Domain Users need local Power Users rights we have an problem.

 

Somebody solved this problem an can help me?

Kind Regards

Hi, check this link. https://www-secure.symantec.com/connect/forums/how-disable-option-disable-symantec-endpoint-protection-client-computers-sep-1106

Go thru this link:

How to block a user's ability to disable Symantec Endpoint Protection on Clients

Article:TECH102822

|

Created: 2007-01-05

|

Updated: 2013-07-30

|

Article URL http://www.symantec.com/docs/TECH102822

 

Make sure the lock icons are closed in the Policies.

Hello,

You can determine the level of interaction that you want users to have on the Symantec Endpoint Protection client. Choose which features are available for users to configure. For example, you can control the number of notifications that appear and limit users' ability to create firewall rules and virus and spyware scans. You can also give users full access to the user interface.

The features that users can customize for the user interface are called managed settings. The user does not have access to all the client features, such as password protection.

To password-protect the client

1. In the console, click Clients.

2. Under Clients, select the group for which you want to set up password protection.

3. On the Policies tab, under Location-independent Policies and Settings, click General Settings.

4. Click Security Settings.

5. On the Security Settings tab, choose any of the following check boxes:

   • Require a password to open the client user interface

   • Require a password to stop the client service

   •  Require a password to import or export a policy

   • Require a password to uninstall the client

6. In the Password text box, type the password.

   The password is limited to 15 characters or less.

7. In the Confirm password text box, type the password again.

8. Click OK.

Check these Articles which may assist you with all the Information you are looking for:

How to prevent SEP features from being disabled in the client GUI in SEP 12.1

http://www.symantec.com/docs/TECH168990

How to block a user's ability to disable Symantec Endpoint Protection on Clients

How do you lock down SEP client interface so that end users cannot disable components or modify settings.

http://www.symantec.com/docs/TECH136678

How to restrict users from making configuration changes to the Symantec Endpoint Protection client.

http://www.symantec.com/docs/TECH102370

Again, Check this Thread:

https://www-secure.symantec.com/connect/forums/how-do-i-temporary-enable-users-ability-disable-symantec-endpoint-protection-clients

Hope that helps!!

follow this document

Local users with admin rights will still be able to disable it ( thats how it is now)

you can configure password to open sep interface, to stop service, to uninstall

How do you lock down SEP client interface so that end users cannot disable components or modify settings

http://www.symantec.com/docs/TECH136678

How to restrict users from making configuration changes to the Symantec Endpoint Protection client

http://www.symantec.com/docs/TECH102370

How to block a user's ability to disable Symantec Endpoint Protection on Clients

Article:TECH102822

|

Created: 2007-01-05

|

Updated: 2013-03-18

|

Article URLhttp://www.symantec.com/docs/TECH102822

 

Check thises Symantec article's

How to block a user's ability to disable Symantec Endpoint Protection on Clients

Article:TECH102822

|

Created: 2007-01-05

|

Updated: 2013-03-19

|

Article URL http://www.symantec.com/docs/TECH102822

How do you lock down SEP client interface so that end users cannot disable components or modify settings.

Article:TECH136678

|

Created: 2010-01-26

|

Updated: 2011-03-10

|

Article URL http://www.symantec.com/docs/TECH136678

 

Thanx for all the quick reply's.

I had alread read al the other articles.

But one thing is not as it should be.

Documentation says: Only local admins can disable SEP.

Local Power Users are NOT local Adminstrator.

When i logon as local "User" at the workstation, the option "disable SEP" in the tray icon is greyed out.

When i logon as local "Power User" at the workstation, the option "disable SEP" in the tray icon is NOT greyed out.

Windows XP in Domain.

When SEP is disabled, open the GUI and check to see what components are actually disabled. It will show at the top. Let me know.

Power user seems to be a problem.....

OK.

An little bit confused. Users greyed out, Power Users not.

It disabled only the firewall.

Now i have to find something to 'protect' the SEP firewall! 

 

Thanx for all your help!

Thanx Brian for the hint!