The DLP 10 Prevent appliance is technically just a managed system is far as EPO is concerned. When you say register the appliance what are you trying to do specifically?
Following the directions from the DLP 10 Prevent Product Guide - starting on Page 51 (Install the software on a hardware appliance)......
There is an "ePO Registration" step: where a User ID, Password, and EPO Server IP and Port need to be input from the Physical Console on the appliance.
We are wondering what Permissions the User ID requires on the EPO side.
hhoang - Are you suggesting that we should be able to just add the appliance name to the EPO System tree, apply policy, and continue on our way with getting the Appliance to work ?
Thanks for any assistance you can provide.
No, the way you had worded it originally I was under the impression you were trying to 'register' as in add the appliance to the system tree. The appliance has a built-in Mcafee agent on the install which would handle that for you which was what I was getting at.
To answer your question though, since the majority of the management of the appliance is handled through the MA I would imagine that it is simply using those credentials to update the appliance management statistics. I would try credentials that have permissions to appliance management at the very least:
Is there a particular reason why you do not want to use the global admin credentials?
Thanks for the suggestion, we will try the registration with the Appliance Management Permissions set for the User ID performing the registration.
Two reasons we do not want to use the global admin account; 1) we are in regulated industry and IDs that do not follow least privilege principle are called out and scrutinized, 2) we are not at the physical location of the physical appliances, and we must provide an ID and Password to Data Center employee for the registrations, we would like to hand this resource an ID that can only do what is required (in this case to register the appliance).