Endpoint Protection

I need to create over 150 limited admin accounts in my SEP deployment. Is there a way to script this? I'm open to any legit suggestions... scripting, writing program code, working with the SQL database... whatever works and is supported.

I'm just not looking forward to creating all these admins manually by hand.

Thanks!

Just to be clear, you are trying to add 150 administrators (limited) to the SPM? The only way that to add administrators would be throught the SPM GUI. They are no supported scripts to do what you are asking.

Thomas

this is a antivirus software not your AD so the best way ( the worst that you can do to u r self is integrate the sepm with the AD login
this will save the trouble of making users in the sepm but will bring a lots of other problems . send a mail to me on exactly you need to do this

There are many available tools that are shipped with Symantec.  One of which is the "Reset password" batch file. 

This batch file, injects (manipulates) directly the database structure and renames the User: "Admin" and changes it's password back to "admin".

If this can be accomplished, than a script to inject users into the same table must be able to be accomplished.

Symantec Technical Support may not be able to indicate how to do this, but there is a way.

The Tables themselves are not easily manipulated and I wouldn't recommend you doing this unless you know what you are doing, but I am sure product development or an experience DBA could help you out on this one.

We have a tool written by one of our consultants that can do all manner of things like this... let me see if he is OK with us posting a link...

Typically its provided as part of a consulting engagement, he will help the customer set it up to do exactly what is required, etc.

@Paul -- it would be great if I could get a copy of that tool. I'd take full responsibility for figuring out how to tweak it, as we have a programming and DBA staff that can assist me. Otherwise, is this something I could request through Platinum support if I open a ticket?

@Jason1222 -- thanks for the suggestion. If we can't get the tool from Symantec, maybe our DBAs can look at the reset password script with me and see what we can come up with.

Thanks all.

I'm just wondering if Paul had gotten a chance to ask about the tool yet?

AD login with limited admins...
Use the directory authentication...
Please also see and check if you have many domains.. place the right one in...

thanks...

do we have to configure something in ad for this to work?
or in SEPMv11?
thanks.

My colleagues and I manually created 260 accounts. The only drawback of manipulating the database is the possibilty of corruption, then having to restore it.

If corruption would be the drawback then the end effect out weighs the solution...

@Paul Murgatroyd: re: the tool that was written by your consultant.. could it be placed here in the forum?
We were waiting for it...
thanks... 

Nel,

I don't think that helps him automate adding a large number of users.  The screen posted is simply how your Administrator account is authenticated.