Video Screencast Help

Policy Supersedence

Created: 08 Mar 2013 • Updated: 11 Mar 2013 | 4 comments
This issue has been solved. See solution.

Here is the situation.  based on the groups we have set we assign mostly computer accounts to set SEP policy.  I want to add the help desk users to assign a policy to.  What I am wondering is if a user has a policy that gives them access to certain AV features and they log in to a computer that has a more restrictive set of policies will it become most restrictive wins or can I set one policy to supersede the other?

Comments 4 CommentsJump to latest comment

ᗺrian's picture

All admin rights would be determined by what you set for the admin in the SEPM. If the user is set as a Limited Admin and you only give ability to manage say the Firewall policy they will only be able to manage that policy.

The SEPM rights and rights of machines are completely separate.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

SEPM rights is only for the Console . It has nothing to do with what rights you set up with GPO

SMLatCST's picture

Are you talking about the difference between Computer mode and User mode for policy assignement?

If so, I'm afraid they cannot be mixed.  If an endpoint is in computer mode, then it will use the policies from the group in which its corresponding computer account resides in the SEPM.  If a user with a corresponding account in the SEPM group structure logs into the machine, his/her policies are ignored.