Which Discover and Deploy process requires the LocalAccountTokenFilterPolicy value to be added to the Windows registry of endpoints, before the process begins?
ThePush Discoveryprocess in Symantec Endpoint Protection requires theLocalAccountTokenFilterPolicyregistry value to be configured on Windows endpoints. This registry setting enables remote management and discovery operations by allowing administrator credentials to pass correctly when discovering and deploying SEP clients.
Purpose of LocalAccountTokenFilterPolicy:
By adding this value to the Windows registry, administrators ensure that SEP can discover endpoints on the network and initiate installations or other management tasks without being blocked by local account filtering.
How to Configure the Registry:
The administrator should addLocalAccountTokenFilterPolicyin the Windows Registry underHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and set it to 1.
This configuration allows for remote actions essential forPush Discovery.
Reasoning Against Other Options:
Push EnrollmentandDevice Enrollmentare distinct processes and do not require this registry setting.
Auto Discoverypassively finds systems and does not rely on registry changes for remote access.
References: Configuring theLocalAccountTokenFilterPolicyregistry value is necessary for enabling remote management functions during the Push Discovery process in SEP.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit