Endpoint Encryption

 View Only

  • 1.  SEE 11.1 Helpdesk Recovery

    Posted Jul 10, 2015 08:29 AM

    Our helpdesk analysts require the ability to access the helpdesk recovery feature to complete challenge/response requests for end users if they forget their password or recovery questions.The issue is the helpdesk analysts have no remote access to the SEE 11.1 management server.

    The Helpdesk Agent MMC snap in will need to be installed on their desktops (domain joined) to complete this task.

    Is this possible and what packages are required to give them access?

    Thanks 



  • 2.  RE: SEE 11.1 Helpdesk Recovery

    Posted Jul 10, 2015 10:40 AM

    The helpdesk chaps should only need the below server MSIs installed (or the 64bit equivalents):

    • SEE Management Agent.msi
    • SEE Help Desk.msi

    As far as SQL permissions go, the below articles suggest you should be able to get away with db_reader only (though these were written for earlier versions of SEE):

    http://www.symantec.com/docs/TECH159230
    http://www.symantec.com/docs/TECH170084

    #EDIT#

    Oh yeah, don't forget, SEE11.0.1 added Administrator Roles to help manage what your admins can do too.  More info can be found in the Policy Admin guide below:

    http://www.symantec.com/docs/DOC8204



  • 3.  RE: SEE 11.1 Helpdesk Recovery

    Posted Jul 10, 2015 11:44 AM

    So the below packages are just the default packages from the SYM fileconnect site and once installed the helpdesk guys launch the helpdesk agent and configure it to connect to the SEE SQL database? 

    • SEE Management Agent.msi
    • SEE Help Desk.msi

    The added administrator roles in 11.1 are a much needed addition!

     

    Thanks 



  • 4.  RE: SEE 11.1 Helpdesk Recovery
    Best Answer

    Posted Jul 10, 2015 12:17 PM

    Yup, install the Management Agent and point it at the SEEMSDb to establish the connection (if they are installing it themselves, they'll need to have been given SQL Rights before this).

    Then install the Help Desk component, open up the SEE Manager Console and add the Help Desk snapin into the MMC, save, and use.



  • 5.  RE: SEE 11.1 Helpdesk Recovery

    Posted Jul 20, 2015 04:55 AM

    Hi,  whilst logged on as the user, I opened up the SEE Manager and started the Help Desk component but each time I get a prompt to enter the SEE management password. 

    I don't want to give this password out.

    The user has db_reader permissions on the SEEMSD so I shouldn't be getting  the administrator password pormpt?

     

    Help, thanks.



  • 6.  RE: SEE 11.1 Helpdesk Recovery

    Posted Aug 07, 2015 05:38 PM

    I'm also waiting on an answer to this. I don't want to give the Helpdesk users the managment password even if the SnapIns are restricted via GPO.

     

    This will definatley get flagged as a security risk via Auditors.