ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Minimum Database Permissions for Symantec Endpoint Encryption Administrators

book

Article ID: 152737

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

When adding administrators for Symantec Endpoint Encryption (SEE), like help desk personnel, they cannot use SEE Management Console unless they are given Domain Administrator privileges.

Giving this level of network privilege to SEE administrators is contrary to your company's security policy.  The SEE administrators need to be given the least amount of permissions needed to successfully administer SEE.

This document explains what the minimum level of permissions are needed in order to allow the SEE administrators to successfully use the SEE Management Console.

Resolution

The Domain User accounts must be given the proper rights to the SEE database in Microsoft SQL Server. 

In SQL Management Studio, on the left-hand-pane:

- Security -> Right-click Logins -> New Login...

- Use the ‘Search...’ button to find the new Windows User; Set ‘Default database’ to SEEMSDb or whatever the SEE Database is called; Set ‘Default Language’ to English.

- In the same ‘Login Properties’ box, on the left-hand-pane click on ‘User Mapping’; check the box for the SEE Database & select ‘db_datareader’ and ‘db_datawriter’ along with‘Public’; Click OK to complete

- On the left-hand-pane, drill down into ‘Database’, find the SEE database and bring up properties

- Select ‘Permissions’ on the left-hand-pane in the Database Properties dialog box

- Select the Windows user on the right and Grant ‘Execute’ in addition to ‘Connect’; Click OK to complete.

- The windows user should now be set to use the SEE Manager console from any machine.

 

Tip: In addition to the above permissions, the SQL Server service needs to have the proper permissions to be able to use with Symantec Endpoint Encryption.  Local Service will not be enough permissions for Symantec Endpoint Encryption. 

Additional Information

 

152737 - Minimum Database Permissions for Symantec Endpoint Encryption Administrators

161258 - User and System Accounts Required by Endpoint Encryption

178363 - How to: Set up Database Access Account Rights - Symantec Endpoint Encryption

179347 - HOW TO: Install Symantec Endpoint Encryption Management Server and the Manager on Standard Windows Operating System

174725 - Grant Additional Administrators Access to Endpoint Encryption Manager Server Console

220948 - Symantec Endpoint Encryption Management Server OR Symantec Endpoint Encryption Configuration Manager does not open properly