The Endpoint Protection Manager 12.1.2 Console is feature-rich but very cumbersome at times - especially when managing access rights. After tying in our Active Directory OUs, we could potentially have over 500 containers (SEPM groups) in the console. Not to mention, we may need to assign a handful of techs various levels of access to those groups. I have to drill down through hundreds of OUs just to find the one I need. At this point, there are also some very obvious bugs in the software - Symantec Support has stated that this is by design (I don't believe that). For example, in our directory tree I assign 'Tech 1' Full rights to a container and its subgroups inside of 'domain > departments > department x > Mac computers'. A few weeks later, I create a new container at 'domain > departments > department x > Windows Computers'. Suddenly, 'Tech 1' was granted read-only rights to the 'Windows Computers' group. But wait... I didn't assign 'Tech 1' rights, so how did they appear? Now, I must go through my list of limited administrators and manually unassign rights to new groups I create. I have a handful of limited administrators. I just wasted an hour of my time managing access rights... I have a hard time believing this is by design - this is also potential for a security violation.