Role-based Device Control for creating Exceptions?

   We need some way to create a role that is allowed to view Device Control Events and add exceptions for devices without being able to modify policies and perform other higher tasks that should only be allowed to the Administrator. How can we do this using Endpoint Protection Advanced?

  • Hello ttl,

    Adding exceptions is modifying policies - the existing rights are not that granular. There's just the Policy setting - device control right, which encompasses Create, duplicate, rename, edit, reset and delete device control policies (within the sub-estate).

    I know this doesn't help, sorry.

    Christian

  • Thanks for the reply -- is there some way to audit what changes are made to the policy then? It appears that there is the potential for someone from helpdesk (for example) to either mistakenly or purposefully disable or modify the policy without anyone knowing that it was done or by whom.
  • Hello ttl,

    I'm not aware of a regular audit trail of this kind (although the information might be available in traces but they aren't intended for regular operation - it's definitely not C2 security). Can't say if there is only little demand for audit and/or more granular control of rights - at least from this forum it looks like most installations are content with what's available. Submitting a feature request doesn't guarantee it will be implemented but it will add some weight if there are already similar ones.

    Christian 