ESS BE - Allow standard user in W7 full control

Discussion in 'ESET Endpoint Products' started by Richard Conram, Jun 24, 2012.

Thread Status:
Not open for further replies.
  1. Richard Conram

    Richard Conram Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    43
    Location:
    Sweden
    ESS Business Edition, soon to be upgraded to Endpoint.

    I am have severe issues allowing a W7 Standard user to make changes in the firewall configuration when running in Interactive Mode. What it does in Learning or Automatic modes, I do not even know.

    As a consecuence the user is unable to, for example, allow the backup software to communicate to the backup server.

    Workaround?

    (It is a standalone computer, not joined to a domain)
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    There's a possible workaround but that would make standard accounts useless. Users with standard account are supposed to receive a correct configuration, including firewall rules, from an administrator (e.g. by means of an ERA policy). Creating wrong rules by common users who are not computer savy would expose the network at risk and thus making changes in the configuration is permitted only in administrator accounts.
     
  3. Richard Conram

    Richard Conram Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    43
    Location:
    Sweden
    Well, the standard account is set up as standard in order to prevent security intrusions. I realize this may be an OS issue as well, but it is so damn annoying.

    I wish I could decide for myself what I consider safe. But then again that would bring about a ton of micromanagement.
     
  4. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    Why not down grade to the personal edition of ESS for that computer. That way that technically savvy user can manage there own security.

    The alternative is you the administrator, add the firewall rules for that user I suppose.
    In theory endpoint Security could add the ability to grant more granular permissions, by it is not at all clear that this would decrease support work load.
     
    Last edited: Jun 24, 2012
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It wouldn't be secure at all if standard users could create rules, disable protections, uninstall AV, etc. themselves without admin rights. Create the necessary rules yourself as an administrator and push them to the clients via a policy while switching the firewall to policy-based or automatic mode with exceptions mode.
     
  6. Richard Conram

    Richard Conram Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    43
    Location:
    Sweden
    Marcos, I could do that via ERA even on a home network based on WHS?
     
Thread Status:
Not open for further replies.