Endpoint Protection

 View Only

  • 1.  Allow Live Update for Certain Users?

    Posted Feb 18, 2019 02:58 PM

    Customer wants to implement some new security policies, one of which is disabling anyone from using Live Update. I'd like to keep that functionality but perhaps limit it to domain admins and help desk personnel. Many times a client will not update because of communcation issue to the GUP or SEPM and a help desk person remoting into the workstation and running LU will fix things.

    Is there any way to create a policy that will allow certain users to run LU? I'm not seeing any way to do that, as policies are bound to clients and not users as far as I know. 



  • 2.  RE: Allow Live Update for Certain Users?

    Posted Feb 18, 2019 03:00 PM

    BTW, I do have a PowerShell script to run LU on a remote client but sometimes it doesn't work and RDP'ing into the box is the only way.



  • 3.  RE: Allow Live Update for Certain Users?
    Best Answer

    Posted Feb 18, 2019 03:01 PM

    There isn't. You'd need to create groups in SEPM for each of these departmants flip them to user mode with a policy to allow LU usage:

    https://www.symantec.com/docs/TECH102686



  • 4.  RE: Allow Live Update for Certain Users?

    Posted Feb 19, 2019 08:33 AM

    Not sure I'm clear on that.  We sync SEPM with our AD structure so we do have admin groups. So, can I apply an unrestricted LU policy to an admin group? 

    If an admin needs to run LU on a remote computer he switches the client mode to "user" then when he RDPs to the box and logs on the unrestricted LU policy will be applied and he can run LU?