SEPM Limit User Access To Certain Groups

Created: 29 Sep 2011 • Updated: 29 Sep 2011 | 7 comments
clynch
This issue has been solved. See solution.

Hi All,

I manage a large SEPM estate with over 2000 endpoints across over 50 different groups using SEP 11.0.7. Each one of these groups is completely separate to any other. They are different customers.

When I give one customer a logon to access their group of endpoints I create a user account and restrict them to only be able to access the "My Company" folder along with the folder where their endpoints reside. This works fine until I create a new group. Now every user account automatically has access to this new group also.

What I need to do is create a user account which only has access to their group and no matter what other groups get created, the access doesn't change.

So far after creating a new group I need to go in and remove the access to that group from every account. This is not practical anymore due to large amount of user accounts and groups.

Am I creating the accounts incorrectly? How can I make sure that when a user account is created with access to a group the access doesn't change no matter how many additional groups are created?

 

Thank you in advance for any help / advice.

Conor

Mithun Sanghavi

Hello,

This issue has been resolved in SEP version 12.1.

Check these Articles:

1) About administrators
http://www.symantec.com/docs/HOWTO55478

2) Managing domains and administrator accounts

3) Adding an administrator account

4) Changing an administrator's type

5) Configuring the access rights for a limited administrator

6) Configuring the access rights for a domain administrator

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
clynch

I've read a bit on the known issues with upgrading to 12.1 on a machine running Backup Exec: http://www.symantec.com/business/support/index?page=content&id=TECH163700

We have about 70 servers running Backup Exec, each with 11.0.7. The current fix of upgrading to Backup Exec 2010r3 is not an option.

Do you know if this has been resolved? Some of the known issues are a real worry.

Conor Lynch
STS, CCEE, MCITP Hyper-V

PFH Cloud Services

SMLatCST

...SEP Domains in this instance, located under Admin -> Domains. These are completely unrelated to Active Directory and exist only within SEP.

Have a read: http://www.symantec.com/docs/HOWTO55042

Ideally you'd have a SEP Domain for each of your customers...

clynch

The problem with using a separate domain for each customer is that there would be no main overview of all endpoints.

I want customers to be able to log in and view only their own machines, but I also want to be able to log in and see a full overview of all sites.

Conor Lynch
STS, CCEE, MCITP Hyper-V

PFH Cloud Services

Mithun Sanghavi

Hello Conor,

Your Unpublished comment reads:

"

Thanks Sanghavi

I've read a bit on the known issues with upgrading to 12.1 on a machine running Backup Exec: http://www.symantec.com/business/support/index?page=content&id=TECH163700

We have about 70 servers running Backup Exec, each with 11.0.7. The current fix of upgrading to Backup Exec 2010r3 is not an option.

Do you know if this has been resolved? Some of the known issues are a real worry.

"

Answer to the Same:

Could you please let us know what version of Backup Exec you are using?

As the article suggests:

This error is caused by a problem with a Backup Exec CPS driver. This has been fixed in Symantec Backup Exec 2010 R3.

Would it be possible for you to upgrade to Backup Exec 2010 R3 or later?

I know this is a Herculean task. However, it is a fix.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

clynch

We have everything from Veritas 8.6 through to 2010r2 and everything in between. We manage the AV for a lot of customers, all checking back into one management console.

I might just upgrade the SEPM without pushing out a new client and then push out the client to what I know won't be affected.

Conor Lynch
STS, CCEE, MCITP Hyper-V

PFH Cloud Services