Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Symantec Altiris - Restiricted Console Access

Created: 23 Mar 2014 | 9 comments
Chibaken's picture

Hi,

I have a situation at the moment, I was task to figure out on how to restrict the access into Symantec Altiris Console. I understand that is user privilages that I can control but my requirement is to ONLY allow from a single source (i.e. An IP address) to access the console.

From my research, I have gathered that I can only do it via IIS - IP Address and Domain Restrictions. But this post a problem because when I restrict on the https://servername/Altiris, all my agents cant connect to the NS. And when I restrict on https://servername/Altiris/Console, I'm afraid that there are some services that I might be blocking. Also by blocking https://servername/Altiris/Console is not full prove as other pages such as https://servername/Altiris/Deployment can still be accessible.

Operating Systems:

Comments 9 CommentsJump to latest comment

Aeschylus's picture

Hello,

You can edit or limit the users privileges who can access your Altiris. Open Settings -> Security -> Account Management -> select Accounts in the left panel -> select account in the list on the middle of the page -> open Member Of tab in the right side of the page.

Best Regards,

Ch@gGynelL_12's picture

HI,

With regards on your concern, you shouldn't have to block access the default network shared folder of Altiris like the  deployment, patch etc. because this network shares are configured to connect to your clients and access it whenever they need it like Patch Updates, OS deployment, Software Delivery, etc. Blocking it will cause to failure to deploy all your jobs and tasks.

Not sure if it can be possible to blocked it without affecting connections with your clients, but its a best practice and also its default settings.

Regards,

JM

Anton_Nejolov's picture

The best and easy way for you is configure console restrictions using default Security Role Manager mechanism. For example create separate user account for computers or join to separate domain, etc.

Chibaken's picture

Hi,

I understand that we can restrict via Security Role Manager but I was thinking if there are other ways to leverage IIS. The problem is that my customer doesnt allow any connection to the console page and wants to limit it to a single IP address. I'm not sure if Settings > Security > Account Managements and Permission can help.

Thanks

Ch@gGynelL_12's picture

Hi,

I don't think it is possible to implement that a single IP can access your Altiris Console. Credentials only can be modified and grant access to the Altiris console. If you blocked the default connections of Altiris, you will get a problem with the connections of your clients.

Regards,

JM

aclachey's picture

Applying IP address and domain restrictions on the default site Altiris, would cause communication issues with your agents and sites servers.   You will probably have to go and edit the ip addy and domain restrictions for the sites e.g. Activity Center, Console, Reporting, ITA etc. only items that apply to console access.  

Ch@gGynelL_12's picture

Hi,

Any update regarding your concern?? Thanks..

Aeschylus's picture

Hello,

What is the current status of this? Is there any other questions? Thanks

Best Regards,