Jump to content

MSP Remote Administrator - Device Control Questions

Go to solution Solved by Peter Randziak,

Recommended Posts

For the first time today, I enabled Device Control on an end-user PC in a business environment - the PC runs ESET Endpoint Antivirus.  I noticed that in order to create user groups that ESET was calling on Active Directory -


In order to configure a Device Control policy via the Remote Administrator, do you have to have ESET RA Console (and potentially then ESET RA Server) installed on a domain controller or other server that has access to the domain's Active Directory? 


The reason I'm asking is that would prove difficult with the MSP Remote Administrator -


If so, I'm wondering if I were to temporarily install an ESET RA Console on a client server just for the purposes of accessing their Active Directory in order to build the Device Control policy, could I then export that policy to an .xml file that I could merge with the client's policy on the MSP RA?


Any insight is appreciated -



Link to comment
Share on other sites

Hello LocknetSSmith.


Using ESET Device control is not a MSP specific functionality.


Device Control within the ESET Endpoint clients, and Device Management within ESET RA allows you to scan, block or adjust extended filters/permissions and select how your users can access and work with a given device.


This is useful if you would like to limit access to a specific device, or devices; in order to prevent access to unsolicited content by users.


Device Control Rules can be applied globally, or to specific Security Principles, such as Users, and Groups.


Device Control utilizes Windows Access Control, and the computer that ESET RA is installed on does not have to be a Domain Controller.

Link to comment
Share on other sites

Thank you for getting back to me Lesley F.  I think I may have mis-stated my question however. 


When I tried to create specific security users and groups within the Device Control setup, it calls up a window from Active Directory, asking for the usernames of those I wish to add to the group.  In order to create a global Device Control policy, I understand I could probably do that from any computer or server on the network, as long as it has access to Active Directory, and the users that I wish to add to the Groups.  I could even create a Group in Active Directory and link ESET's Device Control to it I see. 


My question is, once I have Device Control configured and working on a network, if I export the settings to an .xml file, and merge that .xml file to the client's policy on the MSP RA, will Device Control continue to function remotely from the MSP RA, even if the MSP RA server no longer has access to the client's Active Directory?


I hope this makes sense - I can't think of how else to word it.

Link to comment
Share on other sites

  • ESET Moderators
  • Solution

Hello LocknetSSmith,


the ERA is just distributing the settings to the clients.

The settings will work on clients, which are in the same domain, the ERA server needn't to be necessarily in the same domain.

The groups and users are distributed and interpreted on clients as their SID so you cannot share these setting across different domains.


Hopefully I clarified it a bit.



Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...