Location awareness leads towards having inside and outside our networks the same policy for users and admins but thats not what we wont to have. Users that will then use the laptop beyond our networks without connection to our SEPM, will use the policies from the "admins"-group and that is the problem, users are in the SEPM-Group "users" with a much more limiting policy. If we shut down the laptop with the admin account, the policies from the "admins"-group will remain on it. This problem is encountered only if an 11.x package is previously deployed with the 'maintain existing feature states' option. Existing 11.x clients receive a policy that incorrectly instructs them to change feature states, removing some or all protection technologies. The laptop stores all location dependent Policies from that group. Symantec Endpoint Protection Manager is migrated from 11.x to 12.1. Probably my english made it difficult to understand, but the problem is: Before we give out a laptop, we prepare it inside our networks with an administrator account that is in the SEPM-group "admins". Our infrastructure needs to have seperate policies for users and administrators independant of if they are inside our networks or outside our networks. If so, and it is the behavior that I observe, it will not work. What I've checked out is, that the client stores only the policies from the group where it is in (that means all policies that are associated with locations in this group) right? Is there any suggested or tried method i can use to remove automatically Symantec 12 from the clients when distributing FEP 2010 from SCCM. FEP 2010 cannot remove Symantec 12 automatically. Your post made me investing more time in the location thing which I was not quite familiar. Hi, We are changing our antivirus from Symantec Endpoint 12 to FEP 2010.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |