Endpoint Protection

  • 1.  Possible to use a combination of user based and computer based policies?

    Posted Oct 07, 2009 10:53 PM
    I would like to have policies that apply to all computers, but allow them to be overridden when certain users log in.

    For example, I would like a policy applying to all computers that blocks USB drives. However, if one of our directors wants to log in and use a thumb drive I don't want the blocks to affect them. Is it possible to set policies for specific users that override the policies set on computers?

    I've searched and read a bit on this, and it doesn't sound like SEP can do what I want, but I'm not sure.  It doesn't quite make sense to me based on what I've read.

    Mainly, it just seems a lot easier to manage most things per computer, but a few select users need escalated rights no matter which computer they use.  Do we have to switch the entire SEP configuration to user mode in order to accomplish this?


  • 2.  RE: Possible to use a combination of user based and computer based policies?

    Posted Oct 07, 2009 11:12 PM
    Hi,

    Policies are always applied to groups. So you need to create a policy that allows USB to be accessible. Apply that policy to a group.

    Second part is to make sure that the clients are deployed in user mode. When a particular user logs in, the group will be changed automatically and a new policy will be applicable.

    Please take a look at the following discussions:

    https://www-secure.symantec.com/connect/forums/computer-mode-vs-user-mode

    https://www-secure.symantec.com/connect/forums/sep-client-switch-computer-mode-user-mode-automatically-and-moving-other-group

    Best,
    Aniket


  • 3.  RE: Possible to use a combination of user based and computer based policies?

    Posted Oct 08, 2009 12:18 AM
    Also wanted to point out that you can move clients from one group to another, so if you needed to move a client around for just a small amount of time you could move the client from the group with restricted access to a group with fewer restrictions. So it might also make sense to make a group for "Temporary access" for those situations where you might need to bump a user to have access for just a short amount of time.

    Cheers,
    Grant