cancel
Showing results for 
Search instead for 
Did you mean: 
Technf
Level 9
Report Inappropriate Content
Message 1 of 13

Permission to run client task

Jump to solution

What's the permission needed for "run a client task now" from the system tree? Other posts suggest that the permission

McAfee Agent: View and change task settings

is needed. Also permissions for the specific products like ENS should be granted.

With all those set, we can still not see the "run client task now" button in the system tree.

Exactly what permissions are needed for this option to appear?

We also tried setting the Client Task Management permission (which would make sense) but this can't just be granted, there needs to be some sort of approval which I do not understand. We just need a user or group to be able to run client task for ENS rollout and similiar.

 

Client Task Management: No permissions


McAfee Agent: View and change task settings

Endpoint Security Common: View and change policy settings
Endpoint Security Firewall: View and change firewall settings
Endpoint Security Firewall Catalog: View Catalog
Endpoint Security Firewall Client: View Client Rules View Client Properties View Queries
Endpoint Security Platform Query: View Queries
Endpoint Security Threat Prevention: View and change task settings
Endpoint Security Threat Prevention Client: View Exploit Prevention Events View Queries
Endpoint Security-Webkontrolle: View and change task settings

 

 

Thanks for any help

2 Solutions

Accepted Solutions
McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 10 of 13

Re: Permission to run client task

Jump to solution

Thank you for posting your query

I guess this what exactly you are looking for

Permission Sets for System Tree.PNG

To achieve this

I followed the steps below

Logged in to the ePO server, created a new Permission Set by clicking on Menu and selecting Permission sets under user management.

Named the new permission set as Test Run client task now  

Enabled the below permissions

Agent Handler:

View Agent Handlers

Endpoint Security Threat Prevention:

View policy settings
View and change task settings

McAfee Agent:

View and change task settings
View policy settings

Systems:

Wake up agents; view Agent Activity Log
View "System Tree" tab

System Tree access:

Can search on the following nodes and portions of the System Tree:My Organization
Can access the following nodes and portions of the System Tree:My Organization

 

You will need to create a new user and assign this permission set to the user

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 11 of 13

Re: Permission to run client task

Jump to solution

To add to the above post, If you are trying to place the Run Client Task Now to the bottom of the page, just as highlighted, you can just drag and drop the button from the menu

 
Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
12 Replies

Re: Permission to run client task

Jump to solution

With all those set, we can still not see the "run client task now" button in the system tree.


Just a guess...

I believe you also need to select (place a check mark next to) a single system before the "Run Client Task Now" button becomes active.  If none or multiple systems are selected, "Run Client Task Now" remains disabled.  Meaning: It only works for a single selected system.

Hope this is helpful.

Highlighted
Technf
Level 9
Report Inappropriate Content
Message 3 of 13

Re: Permission to run client task

Jump to solution
Thanks, I just checked again and the button is also not there with a system marked. In addition, it's not just inactive like the "send ping" button but missing completely.

Re: Permission to run client task

Jump to solution

Wow, interesting.  Do you ever see the "Run Client Task Now" button for any logged-in ePO account (eg, admin)?  If not, this might indicate a missing, disabled, or corrupt ePO extension.  I might start by reviewing the state of the installed McAfee Agent extension in ePO.  Also, have you setup any client tasks in ePO yet?

Technf
Level 9
Report Inappropriate Content
Message 5 of 13

Re: Permission to run client task

Jump to solution
Yes when using the main admin account we can see the client task button and also run the tasks without issues (which answers your second question, yes we do have client tasks set up).
I should add that the users I'm trying to grant permissions to are from an active directory, however this should not make a difference (all other permissions I've added seem to work fine).
I may try to give every possible permissions to the role just to see if I just missed something or if there really is an issue with our epo.

Technf
Level 9
Report Inappropriate Content
Message 6 of 13

Re: Permission to run client task

Jump to solution
Even with every possible permission granted the run client task button does not appear. I'll now open a support ticket.
Technf
Level 9
Report Inappropriate Content
Message 7 of 13

Re: Permission to run client task

Jump to solution

I almost can't believe it, but as per McAfee support this is not possible (which means everyone running client tasks has to login as the main admin user).

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 13

Re: Permission to run client task

Jump to solution

There are some tasks that require admin credentials.  When testing permission sets, if you enable all possible permissions in a set and still not able to perform a desired function, then most likely that function requires global admin rights. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Technf
Level 9
Report Inappropriate Content
Message 9 of 13

Re: Permission to run client task

Jump to solution

Obviously.

Rolling out Endpoint Security (using a client task) for example is a very basic task which should not require global admin rights. Why even bother to create permission sets if almost everyone needs global admin rights anyways just for this one regular task?

McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 10 of 13

Re: Permission to run client task

Jump to solution

Thank you for posting your query

I guess this what exactly you are looking for

Permission Sets for System Tree.PNG

To achieve this

I followed the steps below

Logged in to the ePO server, created a new Permission Set by clicking on Menu and selecting Permission sets under user management.

Named the new permission set as Test Run client task now  

Enabled the below permissions

Agent Handler:

View Agent Handlers

Endpoint Security Threat Prevention:

View policy settings
View and change task settings

McAfee Agent:

View and change task settings
View policy settings

Systems:

Wake up agents; view Agent Activity Log
View "System Tree" tab

System Tree access:

Can search on the following nodes and portions of the System Tree:My Organization
Can access the following nodes and portions of the System Tree:My Organization

 

You will need to create a new user and assign this permission set to the user

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community