cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
mjkhan
Level 9
Report Inappropriate Content
Message 1 of 12

AD Account user to use for ePO 5.9

Jump to solution

Hi there,

I am new to ePO, I want to install VSE and other McAfee Product on Client PCs and Member Server in Active Directory Domain Infrastructure, but little bit confuse about which account to use for Adding the Computers in the System Tree, I don't want to use the Domain Administrator Account for security purpose. 

Is there any normal domain user I can or do I have to give some permissions to domian user and then I can manage all the agents and McAfee products in my Infra?

Please help me out with this.

Thanks.

2 Solutions

Accepted Solutions
mjkhan
Level 9
Report Inappropriate Content
Message 3 of 12

Re: AD Account user to use for ePO 5.9

Jump to solution
"Local administrator rights" means the account should have the rights on ePO Server local admin group or the clients PCs local admin group?

Thanks.
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 12

Re: AD Account user to use for ePO 5.9

Jump to solution

You can have as many accounts as you want, they do not have to be a user in epo.  That is only a windows authentication to a remote system issue and really has nothing to do with epo.  It is only used when you are doing a function that needs local admin rights to a system, no matter what that account is or how many you have.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

11 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 12

Re: AD Account user to use for ePO 5.9

Jump to solution

The only domain credentials you will need is a domain admin (an account that has local administrator rights) in order to deploy the agent.  That isn't an account you need to log into epo with, that is just for agent deployments.  Once you have a different account set up in epo and the systems have the agent, all you need to do is check in the products you want to deploy, set policies as desired, and set up a client task to deploy it and to get dat updates.  The product guide is pretty good about walking you through that.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

mjkhan
Level 9
Report Inappropriate Content
Message 3 of 12

Re: AD Account user to use for ePO 5.9

Jump to solution
"Local administrator rights" means the account should have the rights on ePO Server local admin group or the clients PCs local admin group?

Thanks.
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 12

Re: AD Account user to use for ePO 5.9

Jump to solution

The clients.  If you look at KB56386, you will see the environmental requirements to push an agent to a system.  You have to have rights basically to map to the admin$ share of a system, copy a file there and execute it.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

mjkhan
Level 9
Report Inappropriate Content
Message 5 of 12

Re: AD Account user to use for ePO 5.9

Jump to solution
How about if I want to have two different local admins one for Client PCs and one for Member Server, is it possible in ePO to use both?
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 12

Re: AD Account user to use for ePO 5.9

Jump to solution

What do you mean for member server?  The only place you would use those type of system admin credentials is when you choose the action to deploy agent. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

mjkhan
Level 9
Report Inappropriate Content
Message 7 of 12

Re: AD Account user to use for ePO 5.9

Jump to solution
I mean to say, I am not going to have same account of local administrator for Member Server and Client PCs, I will have different accounts say:
1. One Local Administrator will be added from AD to Member Servers.
2. One Local Administrator will be added from AD to Client PCs(Laptop or Desktop).
This way if my Client PCs' Local administrator is hacked(using Hash or Kerboros Ticket) then it will not effect my Member Servers.
So can I have two different account for deployment of agent/mcafee products?
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 12

Re: AD Account user to use for ePO 5.9

Jump to solution

You can have as many accounts as you want, they do not have to be a user in epo.  That is only a windows authentication to a remote system issue and really has nothing to do with epo.  It is only used when you are doing a function that needs local admin rights to a system, no matter what that account is or how many you have.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

mjkhan
Level 9
Report Inappropriate Content
Message 9 of 12

Re: AD Account user to use for ePO 5.9

Jump to solution
Can we have some solution on this sir for the last post using api(don't know how to use api in mcafee)...
https://community.mcafee.com/t5/ePolicy-Orchestrator/Can-we-add-multiple-ransomware-rules-at-the-sam...
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 10 of 12

Re: AD Account user to use for ePO 5.9

Jump to solution

for web api questions, please go to this forum - https://community.mcafee.com/t5/McAfee-Open-Source/bd-p/mcafee-open-source

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?