Endpoint Protection

 View Only
  • 1.  Need to limit control on Symantec end point protection manager

    Posted Sep 27, 2010 02:21 AM

    We are in a Enterprise users of Symantec end point protection manager. We need to give access the SEPM console to the circles also for changing the groups of their relative client machines.

     

    We have already provided the limited access to them for some group changes.But it is possible to limit the deletion of group in Symantec end point protection manager console.



  • 2.  RE: Need to limit control on Symantec end point protection manager

    Posted Sep 27, 2010 02:33 AM

    Only for deletion it is not possible.But You can give read-only permission so that they will not be able to do any modification to the groups(Both delete or create..)



  • 3.  RE: Need to limit control on Symantec end point protection manager

    Broadcom Employee
    Posted Sep 27, 2010 02:53 AM

    you may need to set to the group for read only. By doing this the limited administrator cannot delete the clients from SEPM console.



  • 4.  RE: Need to limit control on Symantec end point protection manager

    Posted Sep 27, 2010 07:11 AM

    Thanks for your response.

    Ultimately we require Changing of group ok but should not delete the groups or clients.

     

    is any script or patch available.... 



  • 5.  RE: Need to limit control on Symantec end point protection manager

    Posted Sep 27, 2010 07:20 AM

    If you give read-only permission you can achieve this...

    if you want to move the clients to a particular geoup you can use scripts.You can use MoveClient.vbs for it.It is available in the SEP CD.



  • 6.  RE: Need to limit control on Symantec end point protection manager

    Posted Sep 27, 2010 12:40 PM

    Hi all,

    This thread is now included in the weekly Security Solutions Contest.  Simply solve this thread, or any included in the contest, and you could be crowned "King of the Week" and win a weekly prize.  Check out all the details here:

    https://www-secure.symantec.com/connect/forums/new-security-solutions-contest-be-king-week-starting-august-30th

    Best,

    Eric



  • 7.  RE: Need to limit control on Symantec end point protection manager



  • 8.  RE: Need to limit control on Symantec end point protection manager
    Best Answer

    Posted Sep 28, 2010 01:45 AM

    A limited administrator can only  perform the following tasks in SEPM:


    ■ Perform tasks within a domain but cannot manage a domain.


    ■ Manages the reports, runs remote commands, and configures policies for specific groups within a single domain. Limited administrators who do not have access to a specific policy and related settings cannot view or modify the policy. In addition, they cannot apply,
    replace, or withdraw a policy.


    ■ Cannot create other limited administrator accounts.Only a system administrator or an administrator can configure the rights for the limited administrator.


    ■ Manages the password rights for own account only.


    ■ Can view Home, Monitors, or Reports pages in the console only if given reporting rights.

     

    By default, limited administrators do not have any access rights. You must explicitly configure reporting rights, group rights, command rights, and policy rights for this type of administrator.

     

    Reporting Rights: For limited administrators, specifies all the computers for which the administrator can run reports. Also specifies the server groups that run Symantec AntiVirus 10.x for which the administrator can view reports.

    Group Rights:  For limited administrators only, specifies which groups the limited administrator can view and manage (full access), can view only (read-only access), or cannot view (no access)

    Command Rights :For limited administrators only, specifies which commands the limited administrator can run on the client computers. The limited administrator can only run these commands on the clients and groups that they have full access for.
    Command rights are only available if reporting rights or group rights are configured for the limited administrator

    Policy Type Rights: For limited administrators only, specifies which policies and policy-related settings the administrator can manage.



  • 9.  RE: Need to limit control on Symantec end point protection manager

    Trusted Advisor
    Posted Sep 28, 2010 11:59 AM

    Articles:

    1) How to Create and Manage Administrators in the Symantec Endpoint Protection Manager (SEPM)
     
     
    2) How to change Manage Group permissions for Limited Administrators in SEPM for multiple groups.