Video Screencast Help

SEP user mode not switching users

Created: 02 Jan 2013 • Updated: 02 Jan 2013 | 11 comments

We have all of our endpoints setup as user mode in order to deploy USB device restrictions, what we have recently noticed is that when a user is logged on, then logs off, and another user logs in SEP does not notice there has been a change of users and the active policy continues to be the policy of the first user.  The only way we have managed for SEP to recognize the change of user is by opening the SEP client from the task bar.  We have the clients require a password to open so as long as the user reaches the password prompt SEP recognizes the new user.  Without opening the client it remains as the old user even if a policy update is performed.  Anyone else experience this?  We are currently on 12.1 RU1.

Comments 11 CommentsJump to latest comment

_Brian's picture

See if this applies:

https://www.symantec.com/business/support/index?pa...

You cannot switch from computer mode to user mode if the user's logon name and the computer name are already contained in any group. Switching to user mode deletes the computer name of the client from the group. It then adds the user name of the client into the group.

Was this ever working?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

hfct3ch83's picture

Thanks but it does not apply, the problem is not trying to go from computer mode to user mode but rather that a computer that is already setup as usermode will not detect when multiple users login.  

For example:

  • Computer ABC is used by User1 with no USB access
  • User1 logs off the computer
  • User2 with USB access logs in - the client still thinks User1 is in so USB is still denied
  • User2 opens SEP Client - SEP now recognizes User2 is in and allows USB
  • User2 logs off the computer
  • User1 go back into computer - SEP thinks User2 is still on and now we have an unauthorized use of USB

We have just recently began using Application and Device Control so I couldn't say if it ever worked, until now we had only been using AV functions so left clients in computer mode.

hfct3ch83's picture

I should add that I have tried this on new computers without any SEP client so the install was fresh and we have the same results.

Rafeeq's picture

any location specific policies in place?

 

hfct3ch83's picture

Everyone uses the same policies with the exception of application and device control policies.  We have two groups one called USB Restricted and another USB Allowed, the USB Restricted has the application and device policy and the USB allowed has the policy disabled.  Both groups have the same AV policy in place.  

When I look at the client in SEPM I can see User1 connected (demonstrate the green dot) when User2 is actually signed on.  As soon as User2 opens the SEP client I see the change in SEPM.

_Brian's picture

And the switch only takes place if the user opens the SEP client?

If you leave it alone, does it never switch?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

MartinHache's picture

Hi hfct3ch83

i´ve the same problem as you, did you resolve this ?
Regards
SameerU's picture

Hi

What is the version of SEP

Regards

 

MartinHache's picture

12.1 

solved this situation by creating a policy group through Active directory and execute the SymCorpUI.exe inside bin installation folder on Sep client. 

MartinHache's picture

hi Sammer, but we are not talking about switch user to computer mode, this is about a just only mode (user mode) and problems related to log on and log off 

 

For example:

  • Computer ABC is used by User1 with no USB access
  • User1 logs off the computer
  • User2 with USB access logs in - the client still thinks User1 is in so USB is still denied
  • User2 opens SEP Client - SEP now recognizes User2 is in and allows USB
  • User2 logs off the computer
  • User1 go back into computer - SEP thinks User2 is still on and now we have an unauthorized use of USB

The Console does not show   the user  currently logged