Add Built-in security principals and local Administrator to Device Control rules?

Discussion in 'ESET Server & Remote Administrator' started by dwood, Nov 30, 2012.

Thread Status:
Not open for further replies.
  1. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92
    Hi,

    Is there anyway to add the Built-in security principals and also the local Administrator account for all PC's to Device Control rules?

    Would be very useful ;)

    Cheers, Dan
     
    dwood, Nov 30, 2012
    #1
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    Can you please describe in a bit more detail what you are looking for/what you would are trying to accomplish? Thank you.

    Regards,

    Aryeh Goretsky
     
    agoretsky, Dec 3, 2012
    #2
  3. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92
    Hi Aryeh,

    I better elaborate a bit,

    We has to organisations that are working together, Site A has 500 PC's and Site B 200.

    Site A is using Eset EndPoint AV and Lumension Device Control and Site B is using Symantec EndPoint Protection.

    We have just renewed our Eset licence and increased the licence count to 700 to include Site B (All 3 solutions were up for renewal). As we are rolling out new PC's or reimaging we are only installing Eset EndPoint AV and using the new Device Control built into the product.

    When working on new PC's or Laptop's as the Local Administrator device control blocks any attached storage device (as it should), but it would be usefull to give the local administrator on all PC's and Laptop's rights to use any device. But without adding each local administrator account individually this isn't currently possible.

    So could this functionallity be added to a wishlist?

    Many Thanks,

    Daniel
     
    dwood, Dec 3, 2012
    #3
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    We'll consider it for future versions but it won't be an easy task.
    Edit: This is already possible as SID is same for the Administrators group on all computers.
     
    Last edited: Dec 5, 2012
    Marcos, Dec 4, 2012
    #4
  5. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92
    Thanks Marcos,

    That's spot on! :-D

    Regards,

    Daniel
     
    dwood, Dec 6, 2012
    #5
  6. snotechs

    snotechs Registered Member

    Joined:
    Jan 5, 2013
    Posts:
    6
    Location:
    United States

    Could you elaborate more on how to configure this. When I try to add the local admin group to device control it only adds the local admin for the machine I am running the Console on (machinename\Administrators). Since the SID is the same will that work on all machines? Will adding local Admin group also solve my issue with NTAUTHORITY level triggering Device Control?

    Thanks
     
    snotechs, Jan 17, 2013
    #6
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    It worked for me fine and after selecting the Administrators group, a rule with a correct SID (S-1-5-32-544) was created.
     
    Marcos, Jan 18, 2013
    #7
  8. snotechs

    snotechs Registered Member

    Joined:
    Jan 5, 2013
    Posts:
    6
    Location:
    United States
    Tried it and it worked just fine. Didn't resolve the issue of NTAUTHORITY level services showing up in logs, but that's for another thread. Thanks!
     
    snotechs, Jan 25, 2013
    #8
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...