Configuring Symantec's Endpoint Protection Manager for Domain Logon

Brian St. Marie - Sr. Systems Engineer

A personal pet peeve of mine is the required authentication to access the Management Console of Symantec's Endpoint Protection Suite. Since it doesn't typically require logging in very often yet requires frequent changing of the password, it's very easy to forget the login information, which delays troubleshooting when it's most important.

Just recently, I discovered that there is a way to configure the Management Console to allow domain logins, greatly simplifying management of Symantec's Protection Suite.

Inside the console, browse to the Admin tab.  On the bottom left of the new pane, click on the Servers sub-tab.  Select your management server and click Edit Server Properties and then Directory Servers on the resulting window.  Here, you can add external authentication servers for the Symantec software to use.  Click Add and enter the information for your domain controller of choice, as well as the name of the account you wish the software to use when connecting to the domain.

Once that's complete, you can set any Symantec Endpoint Protection Administrator to use this domain server and account to log into the console. Browse to the Administrators sub-tab, edit or create an Administrator account, and set Authentication to Directory Authentication. The username in Symantec doesn't even need to match the one on the domain, but you must use the same password as the domain account. The advantage is that you never need to worry about independent or unmanaged passwords in the Symantec management system. This improves security and manageability, allowing administrators to focus on keeping your network protected.