Policy should prohibit ALL users from disabling Symantec Endpoint Protection
Created: 28 Jul 2009 | 4 comments
Currently we have the policy implemented to not allow clients to stop the service without a password. This does not prevent local admins on computers from not having the option of shutting it down. The only way we have heard of to stop this is to implement a group policy object to apply to all the local admins. This should be able to be done through the software.
idea Filed Under:
Comments
which service are you suggesting?
The Symantec Management Client service can already be password protected via the SEPM.
Disallow local admins from disabling SEP 11 client
Yes I would like to see the option grayed out for Local administrators also.
We have the client service
We have the client service password protected, but that does not prohibit local admins from right clicking the yellow shield and selecting the option to Disable Symantec Endpoint Protection. It does not ask for a password when this happens. Are you saying that even though users are able to disable it via the yellow shield its not doing anything because the service is password protected? If this is the case then why even offer the option to "disable symantec endpoint protection" to the users at all?
Thanks
Totally agreed
Most of my users are local admins & most are relatively knowledgeable. As soon as they try to do something that the software stops them from doing they imediately go into the services & stop the services for SEP. I have the password option checked off, but it does not work when directly stopping the service. It seems to only work when running the smc -stop command. I can't write a group policy disallowing them to stop services because they need to be able to reset their print spoolers as they do a massive amount of printing & they sometimes hang. Please fix this, it makes the software almost worthless if half the time its turned off by the users...
Thanks.
Would you like to reply?
Login or Register to post your comment.