Symantec Privileged Access Management

  • Private Community
 View Only

  • 1.  Choices for endpoint installation

    Posted Jul 29, 2020 12:25 AM
    Hello, all.

    Please tell me about the function selection when installing the endpoint.

    Question1:
    During endpoint installation There is an item to select whether or not to install the advanced policy management client.
    I understand that this is a necessary function only when centrally managing policies with enterprise management. Is this correct?

    Question2:
    About the primary store when importing users and groups
    When installing the endpoint,On the selection screen "Do you want to support users and groups from the primary store?"
    "Yes" and "No" can be selected,
    If you choose No, you can see that Windows local users can import it into the policy

    What information will be imported if I select "Yes"?
    What does the primary store mean?

    Best regards.


  • 2.  RE: Choices for endpoint installation

    Broadcom Employee
    Posted Jul 29, 2020 01:51 AM

    Hello Haruka,

     

    1)      If you do not have an Enterprises Management Server in place you can safely disable the APM on the Endpoint

    2)      If you enable OS Users then the relevant user object in the seosdb is created dynamically first time the actual user is trying to access the resource protected by PIM. If this feature is disabled you need to import / pre-define the accessor user objects in seosdb to define the relevant access rules.
    Typically this feature is enabled.

    See also our documentation around this topic:
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager-server-control/14-1/administrating/endpoint-administration-for-windows/guidelines-for-managing-accessors-in-enterprise-stores.html

     

    Regards,

    Andreas

     




    Original Message