A limited administrator can only perform the following tasks in SEPM:
■ Perform tasks within a domain but cannot manage a domain.
■ Manages the reports, runs remote commands, and configures policies for specific groups within a single domain. Limited administrators who do not have access to a specific policy and related settings cannot view or modify the policy. In addition, they cannot apply,
replace, or withdraw a policy.
■ Cannot create other limited administrator accounts.Only a system administrator or an administrator can configure the rights for the limited administrator.
■ Manages the password rights for own account only.
■ Can view Home, Monitors, or Reports pages in the console only if given reporting rights.
By default, limited administrators do not have any access rights. You must explicitly configure reporting rights, group rights, command rights, and policy rights for this type of administrator.
Reporting Rights: For limited administrators, specifies all the computers for which the administrator can run reports. Also specifies the server groups that run Symantec AntiVirus 10.x for which the administrator can view reports.
Group Rights: For limited administrators only, specifies which groups the limited administrator can view and manage (full access), can view only (read-only access), or cannot view (no access)
Command Rights :For limited administrators only, specifies which commands the limited administrator can run on the client computers. The limited administrator can only run these commands on the clients and groups that they have full access for.
Command rights are only available if reporting rights or group rights are configured for the limited administrator
Policy Type Rights: For limited administrators only, specifies which policies and policy-related settings the administrator can manage.