it is always the account used by the mcafee agent, and that is the system account.
So there is no place to change that. You can change the account to deploy the McAfee agent, but that wont change under which account it runs.
So how would I go about setting the System account up to allow it Admin/Install rights on the computers across the enterprise? That account would be local (and proprietary) to the McAfee server and not a domain user...
I'm wanting to change which account it uses just to deploy the agent since that local System account doesn't have domain admin rights. After the agent is deployed it can run using any account...
ok, from scratch..
You need the McAfee Agent (the common framework), there are different ways to install it. If you push it we ePO using deploy agent, you are prompted for credentials. You would typically use domain credentials when doing more than one device.
Once the agent is installed:
1. it will run under the local system account
2. it will handle all communications with ePO: send events and product information, receive polices and tasks.
3. you install a product like VirusScan or HIPS using a client task defined in ePO. That task will be received by the local agent and run under that security context.
If you are using the new "product deployment" functionality in ePO 5.x, that only interacts with the agent so, again, no credentials there.
Does this help a bit?
It does, thank you. I misunderstood the new Product Deployment and thought I could push the agent that way.
the agent push remains in a class of its own...
I understand the manual push, and the Active Directory Sync push, but I would have thought that if Agent wasn't able to be pushed from the New Product Deployment option it wouldn't show up as an option or be allowed.
I'm going to venture that is not a push, it is just to update the agent...
Yes, the option to deploy the Agent as a Product Deployment Task is so that you can install a newer version of an already existing Agent (i.e. upgrade a 4.8.0 installation to 5.0.1). It does not allow you to deploy the Agent to a system that does not currently have an Agent installed. I had the some confusion when I got started with ePO.