Endpoint Protection

 View Only

  • 1.  Admins cannot "Run commands on client" for Read Only groups after upgrading to RU5

    Posted Nov 16, 2009 12:19 PM
    Hello,

    We have limited administrators with Read Only access to groups.   In MR4MP2 (and prior) these admins were still able to right click on a client or group, and execute the "Run Command on Clients".     We controlled which commands they could run through their Admin settings.

    Since upgrading to RU5, these admins can no longer run ANY of the commands.  

    Is this a bug?

    Doug




  • 2.  RE: Admins cannot "Run commands on client" for Read Only groups after upgrading to RU5

    Posted Nov 16, 2009 05:46 PM
    Hi Doug,

    It's a bug fix, actually.  "Read Only" is supposed to mean "View, nothing else."  In versions prior to the current release, limited admins could actually run commands that made changes on read-only groups.  That's been fixed.

    There are currently nineteen "limited administrator" suggestions / enhancement requests / changes proposed in the forum's "Ideas" section.  If you'd like to see changes (increased granularity? more power? less?) in the was SEP interacts with LImited Admins, please pay a visit and let your voice be heard!

    Thanks and best regards,

    Mick


  • 3.  RE: Admins cannot "Run commands on client" for Read Only groups after upgrading to RU5

    Posted Nov 17, 2009 12:03 AM

    Here is a list of few Fix incorporated in RU5. Hope this helps

    The Search Client option allows limited administrators to run commands on computers in groups with no access rights
    Fix ID: 1589447
    Symptom: The Search Client option shows computers in groups that limited administrators do not have permissions to access.
    Solution: Only show the allowed groups to limited administrators.

    A Limited Administrator account is able to create packages, upgrade groups, and view reports for groups that have been blocked
    Fix ID: 1631487
    Symptom:A Limited Administrator account is able to create packages, upgrade groups, and view reports for groups that have been blocked.
    Solution: Fixed various user interfaces in the console to limit administrator access.

    Symantec Endpoint Protection Manager limited administrators can still perform administrator tasks
    Fix ID:  1222797
    Symptoms:  A Limited Administrator in Symantec Endpoint Protection Manager still has the ability to block the addition of clients to a group and add install packages to groups by right clicking the white space on the Install Package tab and clicking Add.
    Solution:  Updated the user interface panels to adhere to the user's permissions.


  • 4.  RE: Admins cannot "Run commands on client" for Read Only groups after upgrading to RU5

    Posted Nov 17, 2009 06:31 AM
    This article has some more on the subject:

    Limited Administrator can edit policies and run commands on groups with “Read-Only” permission.

    Thansk and best regards,

    Mick