Endpoint Protection

 View Only

  • 1.  Multiple SEPMs report to a central SEPM

    Posted Aug 19, 2009 04:47 PM
    Please assist in getting over this mental hurdle that I cannot seem to do.  Let me lay it out for you.

    SEPM's will need to be installed at
    District A (main office)
    District B
    District C
    District D
    District E
    District F
    District G

    Each District has its own Sys Admin that needs to view ONLY his District's clients except for District A (lets just consider District A to be the main/chief office).  Those SysAdmins will monitor and trouble shoot any problems at their district.  The flip side of that is District A needs to be the central location for all of the clients across all districts.  This allows the Sys admin at District A to keep a eye on any Virus Events, Network health, etc by clicking through the respective Groups held within the Clients piece.


    Now, I am obviously missing something (and I'm sure it's simple).  How do I do this?  We tried replication of District A+B, but B was able to see all of A's clients.  

    thanks in advance.


  • 2.  RE: Multiple SEPMs report to a central SEPM

    Posted Aug 19, 2009 05:13 PM
    You can configure the Limited Admins rights to individual groups as shown in the screenshot.

    imagebrowser image


  • 3.  RE: Multiple SEPMs report to a central SEPM

    Posted Aug 19, 2009 05:59 PM
    First thing is there is no need to create 7 replication partners.

    Second thing more than 5 replication partners with Embedded database will give you problems later on hence avoide it.

    You can set up GUPs fro your Site A to G

    Create Groups A , Group B ...........to Group G.

    Create one Group update provider for each group.

    Now As Cycle tech told Create % Admin account your main SEPM & give them limited privilages & let Admin for Group A see only Group A clients. hence this way you can get what you are expecting with very simple setup.

    There is no need to seyup replication in this case.

    Hope this helps you.


  • 4.  RE: Multiple SEPMs report to a central SEPM

    Posted Aug 19, 2009 06:14 PM
    In my opnion looking at your senario , There could be 2 options :

    1. Configuring  multiple domains.
    2. Create 7 groups with Seven administator for each group and have a main admin for SEPM ( the solution provided by Cycle tech )

    If you want to know more about that Go to the Chapter 4  of the Admin Guide.Pg 69 onwards.
     Managing domains and administrators. It has all the information


  • 5.  RE: Multiple SEPMs report to a central SEPM

    Posted Aug 19, 2009 11:29 PM
    You can use the symantec endpoint protection manager web console for them to manager their district. And as Cycletech has mentioned sysadmins will only be able to view the group of their location. Regards,


  • 6.  RE: Multiple SEPMs report to a central SEPM

    Posted Aug 20, 2009 12:10 AM
    I had to consider this also, during my installation.
    I decided to go with setting up individual domains for each site.
    Although it is an extra step to manage both clients and policies for each domain, the management of administrators was better this way.

    I'm still testing before rolling out to 80+ sites.
    I'm yet to consider what impact an additional domain for each site will have on bandwidth/traffic.

    Regards,
    Andrew