Allow user configuration within policies under WSA
Do I have the ability within my MSP WSA console, to assign the ability to make changes to the endpoint user interface? In other words, I've allowed the endpoint GUI in a specific policy but when the end user opens the GUI, they cannot make any changes. I get the attached message below.
Userlevel 7
+56
You can put them in an Unmanaged policy and that lets them make changes on their end. There are some other policy settings you can configure to allow limited control - are there specific things you want them to do?
Techspert,
It's never a good idea to leave a managed endpoint under the unmanaged policy, that leaves too many variables for the end user to muck around with settings etc... and cripple their protection.
For the most part, the standard policy settings work well.
Is this a "control" issue where the user believes they need to have to be able to do things with their agent? Also, I don't buy the argument that some use that you have to disable AV software to install software etc.. as leaving Webroot ON while installing allows it to "learn" and watch the software to better protect you.
So in the end, what I suggest is that you figure out what they need, then create a copy of the default policy and make the adjustments and apply that policy to the individucal system in question.
Never use unmanaged unless it's temporary and for troubleshooting.
John
It's never a good idea to leave a managed endpoint under the unmanaged policy, that leaves too many variables for the end user to muck around with settings etc... and cripple their protection.
For the most part, the standard policy settings work well.
Is this a "control" issue where the user believes they need to have to be able to do things with their agent? Also, I don't buy the argument that some use that you have to disable AV software to install software etc.. as leaving Webroot ON while installing allows it to "learn" and watch the software to better protect you.
So in the end, what I suggest is that you figure out what they need, then create a copy of the default policy and make the adjustments and apply that policy to the individucal system in question.
Never use unmanaged unless it's temporary and for troubleshooting.
John
nic,
Thanks for the to-the-point repsonse, I appreciate that much more than someone trying to school me on best-practice for AV management.
Anyway, I ran into a situation on my own machine where I could not install a piece of software until I disabled Webroot protection. I then wanted to be able to give myself and my techs the ability to make changes as they saw fit since we are the ones managing and do not need nor have time for added frustration with AV protection not allowing us to do what we need to on our own machines.
So from what I gather, I can create an unmanaged policy for my techs which would allow the control of which I speak. Thanks!
AJS
Thanks for the to-the-point repsonse, I appreciate that much more than someone trying to school me on best-practice for AV management.
Anyway, I ran into a situation on my own machine where I could not install a piece of software until I disabled Webroot protection. I then wanted to be able to give myself and my techs the ability to make changes as they saw fit since we are the ones managing and do not need nor have time for added frustration with AV protection not allowing us to do what we need to on our own machines.
So from what I gather, I can create an unmanaged policy for my techs which would allow the control of which I speak. Thanks!
AJS
Userlevel 7
+56
Yep as long as you trust the technical folks not to just turn everything off then you can leave them in unmanaged. Just make sure they remember to turn it back on after the install!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.