The Symantec Management Platform (SMP) agent installed on managed endpoints and package servers uses credentials to retrieve packages. From a security best practice perspective, the privileges associated with the package credentials should be set to the minimum level required to access the packages while not allowing access to other network resources. This article provides best practices for reducing the privilege and permissions associated with the credentials used to access software packages. It explains the different levels of Symantec Management Platform credentials and then walks you through the process of limiting access to the credentials so that they cannot be used to access other network resources.
About Symantec Management Platform (SMP) credentials
The SMP lets you define three levels of credentials with varying degrees of privileges and permissions.
Before you restrict package access credentials within the Symantec Management Platform, you should limit the access level of the Active Directory domain account or Windows Workgroup local user account that functions as the Notification Server service account. How you do this depends on your specific setup. Symantec recommends that you create a unique set of credentials for access to package storage credentials on the Symantec Management platform. You should ensure that the account is a “least privilege access” account.