Video Screencast Help

User Mode for SEP 12.1

Created: 29 Jul 2013 | 4 comments

Hi,

Currently all of my cliens are in computer mode.  I would like to convert a subset of machines to user mode and have different firewalls policies based on who the user is.  Is this a reasonable way to use user mode?  Can I setup a SEP group to use user mode?  If not, how would I convert several machines to user mode?  I am running SEP 12.1 on Windows 7.

 

Thanks,

 

Bob

Operating Systems:

Comments 4 CommentsJump to latest comment

.Brian's picture

This is something you can do. Have a look at thess KBAs for guidance:

http://www.symantec.com/docs/HOWTO27008

http://www.symantec.com/docs/TECH201075

http://www.symantec.com/docs/TECH157004

You switch clients from computer to user mode in the SEPM by right clicking the client and switching to user mode.

http://www.symantec.com/docs/HOWTO27005

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

BzlBob's picture

Hi Brian,

Is it ok to assign users to one SEP group yet use computer mode for all other SEP groups?  And can I leverage AD groups instead of assigning individual users to a SEP group?  

Thanks,

 

Bob

.Brian's picture

Yes, you could do that as long as you break inheritance on the new testing group.

You could sync AD with SEPM although it can cause a pain in terms of AD administration. Any time you need to make changes you need to move the PC in AD first and then sync with SEPM.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

AjinBabu's picture

HI,

Switching a client between user mode and computer mode

You add clients to be in either user mode or computer mode, based on how you want to apply policies to the clients in groups. After a user or a computer is added to a group, it assumes the policies that were assigned to the group.

When you add a client, it defaults to computer mode, which takes precedence over user mode.

Mode

Description

Computer mode

The client computer gets the policies from the group of which the computer is a member. The client protects the computer with the same policies, regardless of which user is logged on to the computer. The policy follows the group that the computer is in. Computer mode is the default setting. Many organizations configure a majority of clients in computer mode. Based on your network environment, you might want to configure a few clients with special requirements as users.

User mode

The client computer gets the policies from the group of which the user is a member. The policies change, depending on which user is logged on to the client. The policy follows the user.

You cannot switch from user mode to computer mode if the computer name is already in another group. Switching to computer mode deletes the user name of the client from the group and adds the computer name of the client into the group.

You cannot switch from computer mode to user mode if the user's logon name and the computer name are already contained in any group. Switching to user mode deletes the computer name of the client from the group. It then adds the user name of the client into the group.

Clients that you add in computer mode can be enabled as unmanaged detectors, and used to detect unauthorized devices.

To switch a client between user mode and computer mode

1.    In the console, click Clients.

2.    On the Clients page, under Clients, select the group that contains the user or computer.

3.    On the Clients tab, right-click the computer or the user name in the table, and then select either Switch to Computer Mode or Switch to User Mode.

This mode is a toggle setting so one or the other always displays. The information in the table changes to reflect the new setting.

Regards

Ajin