Add Built-in security principals and local Administrator to Device Control rules?

Discussion in 'ESET Server & Remote Administrator' started by dwood, Nov 30, 2012.

Thread Status:
Not open for further replies.
  1. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92
    Hi,

    Is there any way to add the Built-in security principals and also the local Administrator account for all PCs to Device Control rules?

    Would be very useful ;)

    Cheers, Dan
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Can you please describe in a bit more detail what you are looking for/what you are trying to accomplish? Thank you.

    Regards,

    Aryeh Goretsky
     
  3. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92
    Hi Aryeh,

    I'd better elaborate a bit.

    We have two organisations that are working together. Site A has 500 PCs and Site B 200.

    Site A is using Eset EndPoint AV and Lumension Device Control and Site B is using Symantec EndPoint Protection.

    We have just renewed our Eset licence and increased the licence count to 700 to include Site B (all 3 solutions were up for renewal). As we are rolling out new PCs or reimaging, we are only installing Eset EndPoint AV and using the new Device Control built into the product.

    When working on new PCs or laptops as the Local Administrator, device control blocks any attached storage device (as it should), but it would be useful to give the local administrator on all PCs and laptops rights to use any device. But without adding each local administrator account individually this isn't currently possible.

    So could this functionality be added to a wishlist?

    Many Thanks,

    Daniel
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We'll consider it for future versions but it won't be an easy task.
    Edit: This is already possible as the SID is the same for the Administrators group on all computers.
     
    Last edited: Dec 5, 2012
  5. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92
    Thanks Marcos,

    That's spot on! :-D

    Regards,

    Daniel
     
  6. snotechs

    snotechs Registered Member

    Joined:
    Jan 5, 2013
    Posts:
    6
    Location:
    United States

    Could you elaborate more on how to configure this? When I try to add the local admin group to device control it only adds the local admin for the machine I am running the Console on (machinename\Administrators). Since the SID is the same, will that work on all machines? Will adding local Admin group also solve my issue with NTAUTHORITY level triggering Device Control?

    Thanks
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It worked for me fine and after selecting the Administrators group, a rule with a correct SID (S-1-5-32-544) was created.
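
Added example, not part of the post above and not ESET code: a small Python check that sorts the SIDs in a rule list into well-known SIDs, which are the same on every PC (such as the S-1-5-32-544 quoted above), and account SIDs that embed a per-machine or per-domain identifier (such as each PC's own local Administrator account). The function names and the sample rule list are hypothetical, and the S-1-5-21 value is constructed.

```python
import re

# Well-known SIDs: the same string on every Windows installation.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
    "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
    "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
}
SID_RE = re.compile(r"S-1-(\d+)((?:-\d+)+)")

def classify_sid(sid):
    """Return (scope, description); scope is 'well-known',
    'machine-or-domain' or 'unknown'."""
    sid = sid.strip().upper()
    m = SID_RE.fullmatch(sid)
    if m is None:
        raise ValueError(f"not a SID string: {sid!r}")
    if sid in WELL_KNOWN:
        return "well-known", WELL_KNOWN[sid]
    authority = int(m.group(1))
    subs = [int(s) for s in m.group(2).split("-")[1:]]
    if authority == 5 and subs[0] == 32:
        # BUILTIN domain: alias RIDs are fixed by Windows, so still portable.
        return "well-known", f"BUILTIN alias, RID {subs[-1]}"
    if authority == 5 and subs[0] == 21 and len(subs) == 5:
        # S-1-5-21-<three id values>-<RID>: the id differs per machine/domain.
        rid = subs[-1]
        name = ("built-in Administrator account" if rid == 500
                else f"account or group, RID {rid}")
        return "machine-or-domain", name
    return "unknown", "not in this table"

def non_portable(rule_sids):
    """SIDs not confirmed to name the same principal on every PC."""
    return [s for s in rule_sids if classify_sid(s)[0] != "well-known"]

# Constructed sample rule list (the S-1-5-21 identifier is made up).
SAMPLE_RULE_SIDS = [
    "S-1-5-32-544",
    "S-1-5-18",
    "S-1-5-21-1111111111-2222222222-3333333333-500",
]

if __name__ == "__main__":
    for s in SAMPLE_RULE_SIDS:
        print(s, classify_sid(s))
```

A rule keyed on a SID that `non_portable` returns applies only where that exact account exists, which is why one PC's local Administrator account does not carry over to other PCs while the Administrators group does.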
     
  8. snotechs

    snotechs Registered Member

    Joined:
    Jan 5, 2013
    Posts:
    6
    Location:
    United States
    Tried it and it worked just fine. Didn't resolve the issue of NTAUTHORITY level services showing up in logs, but that's for another thread. Thanks!
     