
Advantages and Disadvantages of Active Directory with Symantec Endpoint Protection Manager 

Mar 05, 2012 07:11 AM


As an optional feature, the Symantec Endpoint Protection Manager can be integrated with Active Directory. The Symantec Endpoint Protection Manager can import organizational units and account data and synchronize that data with Active Directory automatically. The administrator can then use an existing organizational unit as a unit to assign group policy to, just as with a group.

An organizational unit is treated as a special type of group because the imported organizational unit and the accounts in that unit cannot be modified. However, the administrator can delete the organizational unit, along with its data, as a whole. Groups cannot be created under an organizational unit. The parent of an organizational unit can be a group or another organizational unit. The administrator can select accounts from an organizational unit and move them to a specified group. For example, the administrator can create a group for remote users, move all of the remote users from their current organizational unit to the newly created group, and assign a group policy that is tailored for the remote users in that group.

Reference: http://www.symantec.com/business/support/index?page=content&id=TECH102546


Advantages:

1)      Easy management of clients. As PCs are joined to the domain, they *should* automatically move to the correct group.

2)      Easy to know whether clients have the SEP client installed or not.

3)      User mode configuration works best with AD sync.

4)      AD sync is apt for managing groups on a network with more than 10k clients.

5)      Find Unmanaged Computers: you can scan a whole range of IP addresses, which will find your computers. There is no need to specify a name; leave that field blank. You can deploy as many clients as you want.

6)      Migration and Deployment Wizard: click on Domain, click Add, and supply domain admin credentials. Skip the offline clients; it will add all your machines (except the ones which cannot be contacted), and then you can start the deployment on all of them at once.

7)      GPO deployment is possible.


Disadvantages:

1)      Cannot move a client from one group to another; this has to be done from Active Directory only.

2)      If a client is copied, it remains available in the existing group as per the OU structure, but it is also copied to the new group, where the policy from the new group is applied.

3)      During the copy procedure, it's possible that a single client may use more than 1 seat, causing over-deployment.

4)      Cannot switch the mode manually.

5)      Not easy to apply policies for various components.

6)      Ideal only for large environments.

7)      Imported organizational units are read-only. Data in the organizational unit cannot be changed manually.


The advantages and disadvantages depend on how your AD structure is organized.







Jul 17, 2012 07:32 AM

Thank You!

Mar 06, 2012 04:13 PM

Looks like real life experience documented here. Not just some theoretical 'this is how we believe it should work' seen many times from multiple vendors.

Mar 05, 2012 10:58 PM

Here is what we really want...

Thanks Simpson....!!!
