Hello Everyone,
By default when you do a install of Symantec Endpoint Protection Manager an 'admin' account gets created with full access and permissions to all areas of Symantc Endpoint Protection Manager.
You use administrators to manage your company's organizational structure and network security. For a small company, you may only need one administrator. For a large company with multiple sites and domains, you most likely need multiple administrators, some of whom have more access rights than others.
You can create additional administrators as per business requirement.
To add new administrator first time you need to login with 'admin' account.
Go to the Admin--> Administrators --> Add an administrator
Image may be NSFW.
Clik here to view.
In this demonstation I have created two more an administrators.
User1 - System administrator
User2 - Limited Administrator
Image may be NSFW.
Clik here to view.
By looking at an admin symbol you can gauge what kind of rights they have.
Image may be NSFW.
Clik here to view.
A system administrator can perform the following tasks:
Manage all domains.
Create and manage all other system administrator accounts, administrator accounts, and limited administrator accounts for all domains.
Manage the databases and management servers.
Manage Enforcers.
Can view and manage all console settings.
Image may be NSFW.
Clik here to view.
An administrator, who is also referred to as a domain administrator, can perform the following tasks:
Manage a single domain.
Create and manage administrator accounts and limited administrator accounts within a single domain.
You can specify access rights to run reports and manage sites.
See Configuring the access rights for a domain administrator.
You can authorize administrators to fully manage a site through Site Rights, including the database and all servers for a site.
Administrators who are fully authorized to manage a site can modify site rights for other administrators and limited administrators.
Administrators cannot modify their own site rights. System administrators must perform this function.
For administrators who are not authorized to manage a site through Site Rights, the administrator cannot modify site rights for other administrators and limited administrators.
Manage the password rights for limited administrators and other administrators who have equal or less restrictive access rights.
Cannot manage Enforcers.
Image may be NSFW.
Clik here to view.
A limited administrator can be granted access to perform tasks within a single domain. These tasks include:
Run reports on specified computers, IP addresses, groups, and servers.
View Home, Monitors, and Reports pages in the console only if granted reporting rights.
Manage the groups within a single domain.
Remotely run commands on client computers.
Fully manage a site, or, view or manage the database or the selected servers for a site within a single domain.
View or manage installation packages.
Manage policies
Limited administrators who do not have access to a specific policy and related settings cannot view or modify the policy. In addition, they cannot apply, replace, or withdraw a policy.
See Configuring the access rights for a limited administrator.
Cannot create other limited administrator accounts.
Only a system administrator or an administrator can create limited administrator accounts.
Manage the password rights for own account only.
If logged in as an administrator then license tab & Domain tab will not be listed.
Image may be NSFW.
Clik here to view.
If you do not want administrator to manged the single site then you can remove that access as well.
Go to the Admin --> Administrator --> Edit an administrator, in this example Edit User1 an administrator --> Access rights --> Site rights-> Select 'Not authorized to manage this site'
Image may be NSFW.
Clik here to view.
Now user1 won't get an access to Server tab,License tab & domain tab, check this screenshot.
Image may be NSFW.
Clik here to view.
In this demonstation we have created 'User2' as a limitead administrator. User2 is allowed to only managed installation packages.
Image may be NSFW.
Clik here to view.
After login User2 will be only able to see Administrator tab & Installation package.
In the administrator tab he will be able to see only his own account.
Image may be NSFW.
Clik here to view.
Helpful Articles:
About administrators
http://www.symantec.com/docs/HOWTO55478
Managing domains and administrator accounts
http://www.symantec.com/docs/HOWTO55094
Adding an administrator account
http://www.symantec.com/docs/HOWTO55403
About access rights
http://www.symantec.com/docs/HOWTO55041
Configuring the access rights for a limited administrator
http://www.symantec.com/docs/HOWTO55037
How to change Manage Group permissions for Limited Administrators in SEPM for multiple groups.
http://www.symantec.com/docs/TECH92651
Which administrator activities are logged in the Symantec Endpoint Protection Manager console?
http://www.symantec.com/docs/TECH141668
About administrator account roles and access rights (Endpoint Protection 12.1.2)
http://www.symantec.com/docs/HOWTO81226