Endpoint Protection

 View Only
  • 1.  SEPv11: USB restriction on a per user profile basis

    Posted Apr 23, 2009 10:30 PM
    Hi Team,

    Could SEPv11 manage USB permission on a per user profile basis and not by computer group basis?
    Computers are used by multiple personnels with different levels of restrictions.

    Thanks,

    Nel Ramos
    IT-OCC
    Etelecare Global Solutions


  • 2.  RE: SEPv11: USB restriction on a per user profile basis

    Posted Apr 23, 2009 10:42 PM
    Do you have the same policy implemented for the Windows network? You can use that as a template and create a policy in Test mode to generate logs to see if it works without errors.

    Or, you can make a policy to prevent users from accessing files with the following extensions: .bat ,.exe ,.inf ,.db ,. html ,.mht ,.js ,.com


  • 3.  RE: SEPv11: USB restriction on a per user profile basis

    Posted Apr 23, 2009 11:03 PM
    Thanks.

    Could the restrictions be further filtered out like:

    User A can access file on the USB and copy to the HD.
    User B can read only files from USB but could not copy them to the HD

    This is good though if the AV had not detected any virus on the files accessed.

    Thanks again.

       



  • 4.  RE: SEPv11: USB restriction on a per user profile basis

    Posted Apr 24, 2009 12:22 AM
    Well you gotta push policies for a group. Having said that, you can surely have specific policies for specific computers, but you gotta put them in another group.I suggest you creat sets of 4-5 policies and put the desktops/laptops in those policy groups


  • 5.  RE: SEPv11: USB restriction on a per user profile basis

    Posted Apr 24, 2009 03:07 AM
    @vikram3500: What e12158 needs is a set of policies for specific users and not specific computers. Users in his work probably moves around and they need to have the policy be automatically loaded for that user.

    @e12158: Is it possible or feasible for your company to use vikram's suggestion of implemention on a per computer basis instead of a per user? It would make it easier to monitor the entry points of threats to specific computers rather than a roaming user.


  • 6.  RE: SEPv11: USB restriction on a per user profile basis
    Best Answer

    Posted Apr 24, 2009 06:41 AM
    I think per user based policy is only possible in Active Directory environment. The antivirus server should be the member of that domain. From SEPM go to Servers --> right click on the antivirus server name and go to "Edit Properties" --> click on Add --> enter the AD server name, ip and domain --> check whether "Synchronize with directory service" is checked or not --> click OK.

    Now go to Clients and there you will get Active directory users. Please make different group for specific users and apply policies on these groups.


  • 7.  RE: SEPv11: USB restriction on a per user profile basis

    Posted Apr 24, 2009 10:21 PM
    Great!
    User profile is needed due to user mobility.
    Thanks Mon for clearing it up and binayak for the follow through.