Networked Computers > Client Management > Settings > Privileges and Other Settings
You can grant users the privileges to modify certain settings and perform high level tasks on the OfficeScan client. However, to enforce uniform settings and policies throughout your organization, Trend Micro recommends granting limited privileges to users.
Click the Privileges tab and select from the following user privileges:
Roaming privilege. MORE >>
Clients in roaming mode are isolated from, and therefore cannot communicate with, the OfficeScan server. Users with roaming privilege may enable roaming mode when OfficeScan server intervention (such as server-initiated scanning) prevents them from fulfilling a task, such as when doing a presentation. Although communication with the server is lost, roaming clients with Internet connection can still update components if configured to get updates from an update agent or the Trend Micro ActiveUpdate server.
Antivirus privileges. MORE >>
Allow client users to configure their own virus/malware scan settings (Manual Scan, Real-time Scan and Scheduled Scan)
Anti-spyware privileges. MORE >>
Allow client users to configure their own spyware/grayware scan settings (Manual Scan, Real-time Scan and Scheduled Scan)
Scheduled Scan privilege. MORE >>
Allows client users to stop a running Scheduled Scan (for both virus/malware and spyware/grayware)
Firewall privileges. MORE >>
Allow client users to do the following:
View the Firewall tab in the client console
Enable/Disable the OfficeScan firewall, the Intrusion Detection System, and the firewall violation notification message: You cannot override user-specified settings from the OfficeScan server Web console. If you do not enable the features, the firewall settings you configure from the OfficeScan server Web console display under Network card list on the client console.
Allow clients to send firewall logs to the OfficeScan server: If you select this option, configure the log sending schedule in Networked Computers > Global Client Settings. The schedule only applies to clients with firewall log sending privilege.
Toolbox privilege. MORE >>
Displays the Toolbox tab on the client console. The Toolbox tab allows users to install Check Point SecureClient Support. OfficeScan provides a tool that allows Check Point SecureClient to check if the client Virus Pattern and Virus Scan Engine are current.
Mail Scan privilege. MORE >>
Allows client users to manually scan their Microsoft Outlook mail messages and attachments for security risks
Proxy setting privilege. MORE >>
Allows the client user to configure proxy settings
OfficeScan uses user-configure proxy settings only on the following instances:
When clients perform "Update Now". Performing "Update Now" is a privilege you can grant client users.
When users disable, or OfficeScan cannot detect, automatic proxy settings
Component update privilege. MORE >>
Allows client users to configure their own component update settings
Client users with component update privileges will see the "Update Now" and "Enable Scheduled Update" options when right-clicking the OfficeScan icon in the system tray.
Although users have the privilege to enable/disable scheduled update, they do not have the privilege to configure the actual schedule. You will have to specify the schedule in Updates > Networked Computers > Automatic Update > Schedule-based Update.
There is another "Enable scheduled update" option in the Other Settings tab, which allows you to enable or disable scheduled update on the selected clients.
Scenario 1:
|
Scheduled Update Option |
State |
Result |
|
On the Privileges tab |
Enabled (users have the privilege to enable/disable scheduled update) |
If client users disable scheduled update, the OfficeScan client will NOT update components during the update schedule. Otherwise, the update will proceed. |
|
On the Other Settings tab |
Enabled OR Disabled |
Scenario 2:
|
Option |
State |
Result |
|
"Enable scheduled update" option on the Privileges tab |
Disabled |
The OfficeScan client will update components during the update schedule. |
|
"Enable scheduled update" option on the Other Settings tab |
Enabled |
Client uninstallation. MORE >>
Allows users to uninstall the OfficeScan client with or without a password
To initiate silent client uninstallation from the Web console, go to Networked Computers > Client Management > Tasks > Client Uninstallation.
Client unload. MORE >>
Allows users to turn off the OfficeScan client with or without a password
Click the Other Settings tab and select settings for the following items:
Update-related functionality. MORE >>
Clients download updates from the Trend Micro ActiveUpdate Server: When initiating updates, OfficeScan clients first get updates from the update source specified on the Updates > Networked Computers > Update Source screen. If the update fails, the clients attempt to update from the OfficeScan server. Selecting "Clients download updates from the Trend Micro ActiveUpdate server" enables clients to attempt to update from the Trend Micro ActiveUpdate server if the update from the OfficeScan server fails.
This option allows you to enable/disable scheduled update on the selected clients.
There is another "Enable scheduled update" option in the Privileges tab, which allows client users to enable or disable scheduled update.
Scenario 1:
|
Scheduled Update Option |
State |
Result |
|
On the Privileges tab |
Enabled (users have the privilege to enable/disable scheduled update) |
If client users disable scheduled update, the OfficeScan client will NOT update components during the update schedule. Otherwise, the update will proceed. |
|
On the Other Settings tab |
Enabled OR Disabled |
Scenario 2:
|
Scheduled Update Option |
State |
Result |
|
On the Privileges tab |
Disabled |
The OfficeScan client will update components during the update schedule. |
|
On the Other Settings tab |
Enabled |
Clients can update components but not upgrade the client program or deploy hot fixes: This option allows component updates to proceed but prevents hot fix deployment and client upgrade using all the upgrade options.
If you do not select this option, all clients simultaneously connect to the server to upgrade or install a hot fix. This may significantly affect server performance if you have a large number of clients. If you select this option, plan how to minimize the impact of client upgrade or hot fix deployment on the server and then execute your plan.
See the Installation and Deployment Guide for more information about the upgrade options for the OfficeScan client.
Web Reputation settings. MORE >>
Displays a notification message on the client computer if OfficeScan blocks a URL that violates a Web Reputation policy
Client security level. MORE >>
Allows or restricts users from accessing OfficeScan client files and registries
If you select High, the access
permission settings of the OfficeScan folders, files, and registries will
be the same as the Program Files folder settings of client computers running
Windows 2000/XP/Server 2003.
Therefore, if the permissions settings (Security settings in Windows) of
the Program Files folder are set to allow full read/write access, selecting
High still allows users full read/write access
to the OfficeScan client folders, files, and registries.
Client console access restriction. MORE >>
Users are not able to access the client console from the system tray or Windows Start menu but can do so from the OfficeScan client installation folder. OfficeScan runs in the background and continues to provide protection from security risks.
If you select domain(s) or client(s), click Save to apply settings to the selected domain(s) or client(s).
If you select the root icon 
:
Apply to All Clients: Applies settings to all existing clients and to any new client added to an existing/future domain. Future domains are domains not yet created at the time you configure the settings.
Apply to Future Domains Only: Applies settings only to clients added to future domains. This option will not apply settings to new clients added to an existing domain.