Use Active Directory authentication rather than NT authentication. This allows for selection of groups which were queried directly from Active Directory.
Modify the Host (*.BHF) and Caller files (*.CIF) for each localized host language to include the correct Caller object.
To accomplish this second work-around, you can either install the pcAnywhere 12.5 "box" product on a localized OS, or if your Symantec Management Platform server OS language matches that of the hosts, this can be done by opening the "Symantec pcAnywhere" application from the server desktop.
Take a copy the default host and caller files from a host computer of the desired language under the <%ALLUSERSPROFILE%>\Application Data\Symantec\pcAnywhere\Hosts folder, and modify those two files to implement the work-around.
While editing the NT caller properties for each language, be sure to check the box for "Support global NT users and groups defined in local NT groups". Otherwise nested users and groups will not be able to authenticate due to another known issue.
Once the localized caller file (for example the English version is named "WINNT.[Local Machine]+Administrator.cif") is created, then both this file and the corresponding *.bhf file should be copied to the <%ALLUSERSPROFILE%>\Application Data\Symantec\pcAnywhere\Hosts folder on each host computer with the same localized OS.
It is important to disable the host configuration policies in the Symantec Management Console if you implement this work-around, because any updates to the policy will overwrite the modifications described above.
Please contact Symantec Technical Support if you have any questions.
In the pcAnywhere host configuration policy, the Authentication type is set to NT for the group "[Local Machine]\Administrators".
The host computer is configured for a language in which the local administrators group is not literally "Administrators", such as the following: