search cancel

How to change SPE local UI authentication from SPE Based authentication to Active Directory based authentication


Article ID: 163144


Updated On:


Protection Engine for Cloud Services Protection for SharePoint Servers Protection Engine for NAS


After installing Symantec Protection Engine (SPE) with "SPE Based Authentication" on Windows, you seek to change to "Active Directory Based Authentication" without uninstalling / reinstalling.


  • SPE8.0.x installed on Windows -or-
  • SPE7.9.x installed on Windows



This change can be made using the xmlmodifier.exe command in an elevated command prompt. 

Note: As always, when working with the Protection Engine XML files, stop the Symantec Protection Engine Service. Please stop scanning within your connector before stopping Symantec Protection Engine Service due to potential negative impact to your scanning resource. See vendor documentation for best practices in disabling scanning.


  1. At the cmd prompt, to navigate to the folder where Protection Engine is installed, type:
    cd "C:\Program Files\Symantec\Scan Engine"

    ...where "C:\Program Files\Symantec\Scan Engine" is the installation folder for Protection Engine

  2. To change the ADAuthenticationMode value ="false" to "true", type:
    XMLModifier.exe -s /configuration/Resources/System/admin/ADAuthenticationMode/@value true configuration.xml

  3. To confirm the change to ADAuthenticationMode, type:
    type configuration.xml | find "ADAuthenticationMode"

  4. If the output does not contain "true, do not proceed further.
  5. To change the ActiveDirectoryDetails groupname="" to "YourGroupName", type:
    xmlmodifier.exe -s /configuration/Resources/System/admin/ADAuthenticationMode/ActiveDirectoryDetails/@groupname "Domain\YourGroupName" configuration.xml

    ...where "Domain" is the AD domain for authentication and "YourDomainGroup" is the domain group which contains users you seek to permit access to SPE UI

  6. To confirm the ActiveDirectoryDetails change is successful, type:
    type configuration.xml | find "ActiveDirectoryDetails"


Once you confirm the changes are within configuration.xml, you should be able to start the Symantec Protection Engine service and log into the console with your Active Directory credentials.

Note: Do not edit the Protection Engine XML files with anything but the XMLModifier

If you wish to go from Active Directory Authentication to SPE Authentication, be sure the password gets reset as per