cancel
Showing results for 
Search instead for 
Did you mean: 
ash422
Level 9
Report Inappropriate Content
Message 1 of 5

Account privileges for System Tree McAfee Agent Deployment

Jump to solution

We are trying to push McAfee Agent 4.8 out through "System Tree > Action ....Deploy Agent" in ePO 5, but this causes results similar to: https://kc.mcafee.com/corporate/index?page=content&id=KB66747

Is there a full list of account requirements (in terms of security) for privileges such as 'Allow log on locally' for the account that is used to push the McAfee Agent?  I do not want to use a domain admin.  I just want to give the account enough to do what it needs to do i.e. deploy agent.

Does the push agent task require "Allow local log on" on ePO Server and client?

Thanks!

Ash

1 Solution

Accepted Solutions
ash422
Level 9
Report Inappropriate Content
Message 4 of 5

Re: Account privileges for System Tree McAfee Agent Deployment

Jump to solution

We were managing a child/remote domain.  'Allow local logon' on the ePO server fixed the issue.  This is a change from previous versions of ePO.

4 Replies
djjava9
Level 11
Report Inappropriate Content
Message 2 of 5

Re: Account privileges for System Tree McAfee Agent Deployment

Jump to solution

there may be a kb on this but cant find it right now.....also check out https://kb.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24875/en_US/... on page 38.  i think you do need some kind of "allow local log on" on the client priveledge.  Why not just use a domain admin account and make your life easier?

Highlighted

Re: Account privileges for System Tree McAfee Agent Deployment

Jump to solution

if your withen active directory you can use group policy to deploy agents if you do not want to use domain admin.

ash422
Level 9
Report Inappropriate Content
Message 4 of 5

Re: Account privileges for System Tree McAfee Agent Deployment

Jump to solution

We were managing a child/remote domain.  'Allow local logon' on the ePO server fixed the issue.  This is a change from previous versions of ePO.

akill
Level 9
Report Inappropriate Content
Message 5 of 5

Re: Account privileges for System Tree McAfee Agent Deployment

Jump to solution

in order to deploy agents you need the following

  • Network protocols and ports required for machine name resolution
  • ADMIN$ share
  • File and Print sharing
  • Server service
  • Remote Registry service

And also the log on locally as you see on the KB also you can deploy it using log on scripts

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator