ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to create additional Administrators on Symantec Encryption Management Server

book

Article ID: 214171

calendar_today

Updated On:

Products

Encryption Management Server Encryption Management Server Powered by PGP Technology PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP Command Line

Issue/Introduction

Symantec Encryption Management Server is a robust Encryption server that allows capabilities of encrypting emails in the gateway configuration, management of policies for the Symantec Encryption Desktop clients, Web Email Protection or PDF Messenger emails (Secure portal email delivery) along with Key Management Capabilities for PGP Command Line.

Due to the many features of Symantec Encryption Management Server, there are many different types of Administrators you can configure.  This KB goes over the basics of how to create additional administrators and how to assign them the proper roles.

 

 

Resolution

First, login to the Symantec Encryption Management Server and click on the "System" tab, then the Administrators subtab.  You will be presented with all the current administrators.

It's always a good idea to check the list of Administrators and if they are still available, still need access, and if they still need the level of access they currently have.  For example, if you have any "Super User" administrators, it's a good idea to check if they still need this because this is an Administrator that has full access and full control to the server, including the ability to upload an SSH key for SSH access.  Super Users also have the ability to create other administrators.  Most administrators do not need this access, and either "Basic Administrator or Full Administrator is all that is needed.  

If the administrator needs to be able to get Recovery Keys for Drive Encryption, then a WDRT-Only Administrator is enough.

Once you have determined the level of access, enter the username for the new administrator, and then the passphrase.  Once they login, they can change the passphrase to whatever is needed.

Provide these credentials to the administrator and they should be good.