2 Replies Latest reply on May 12, 2011 9:13 AM by got2btru

    ePO v3.6.1 R4 - don't laugh...SERIOUSLY need help!


      Hey all!  New to the forums, and yes, we're on ePO v3.6.1 R4....we have a LARGE environment (700-800 intel servers & thousands of desktops), so our teams are pretty segmented.


      I'm actually on the Intel team & we have a separate security team that manages McAfee for us.  I used to manage ePO years ago on an earlier version.


      OK, so that's the background.  My question is this - the ePO admins do not have domain admin rights, so what do we need to do to set them up so they can push DATS, FRAMEPACKAGE.EXE & Client packages to servers & desktops.  They're claiming they HAVE to have domain admin rights....I say BS.  Can we set the console up with a service account that has domain admin rights?

        • 1. Re: ePO v3.6.1 R4 - don't laugh...SERIOUSLY need help!

          Well first thing- 3.6.1 is no longer supported, so i'd strongly suggest they upgrade/start afresh to a newer verion- 4.5 or 4.6.


          how do they install the epo agent?


          I used a GPO startup script to check and deploy the agent (did when i used 3.6.1 and still do) (since that will run with admin rights). once the agent is deployed, They then appeared in the console then if you have a deployment task to install Vscan it would do it automatically.


          I still have my 3.6.1 up  and all my services are running as local admin. Trying to think why- unless they want to force a client install from within the console- they'd need local admin rights and I can't see anywhere where you set this as an account to use.


          as its unsupported the best bet is to upgrade to a support version ASAP.




          • 2. Re: ePO v3.6.1 R4 - don't laugh...SERIOUSLY need help!



            Would LOVE to see your GPO if possible...


            I JUST got off the phone with the McAfee admin after spending several hours last night reading through the documentation.  What I did was set their ePO Application Server service to run as a domain admin account (but they can't log in with it interactively).


            When they go to push the client out, they will use the same credentials...we'll have to test this once we lock the service account down, but for now, it seems to have solved their issue.


            As for the console version, they are apparently in the process of installing a v4.5 console.