Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Limited Admin View Policies

Created: 04 Feb 2013 • Updated: 05 Feb 2013 | 4 comments

Hello,

When creating limited admin accounts, I would like to give the admins ability to view the policies but not change them.  SEPM currently only allows me to check on “Manage Policies” and then check on “Do not allow editing of shared policies”.  However,  the effect of this is that when a limited admin does, try to view the policy, they get the option of creating a non-shared policy from copy on to that group.  We do not want this, as this can affect any computer in that folder.  How can we keep the settings so that an administrator can view the policy at the same time cannot create a non-shared policy? 

 

 

 

 

Comments 4 CommentsJump to latest comment

.Brian's picture

You need set the access to Read only for the "Manage Groups" setting. If it is set to Full Access they will be able to create non shared policies like they are already doing. The groups they can manage need to be Read-Only. So in your sscreenshot above click on "Group Rights" next to "Manage Groups" and set the groups to read-only for that admin

 

Configuring the access rights for a limited administrator

Article:HOWTO55037  |  Created: 2011-06-29  |  Updated: 2011-12-17  |  Article URL http://www.symantec.com/docs/HOWTO55037

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SebastianZ's picture

Additional information about configuring the administrator rights:

http://www.symantec.com/docs/HOWTO55094

Adamster's picture

I want to give administrators access to groups so that they can move a client from one group to another, at the same time, I do not want them to have access to create any kind of policy. Is this possible?

.Brian's picture

No.

If you want them move PCs than they need full access to the group.

But, if you don't want them creating non shared policies, than they need Read-only access, which also will not allow them to move PCs.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.