When you install a management server, the Symantec Endpoint Protection Manager console includes one domain, which is called Default. Domains are a logical separation of data that is independent of the Symantec Endpoint Protection Manager infrastructure. A domain is a structural container in the console that you use to organize a hierarchy of groups, clients, computers, and policies. You set up additional domains to manage your network resources.
The primary purpose of domains is to let managed service providers build one Symantec Endpoint Protection Manager infrastructure that services multiple customers.
The domains in Symantec Endpoint Protection Manager are not equivalent to Windows domains or other network domains.
Each domain that you add shares the same management server and database, and it provides an additional instance of the console. All data in each domain is completely separate. This separation prevents administrators in one domain from viewing data in other domains. You can add an administrator account so that each domain has its own administrator. These administrators can view and manage only the contents of their own domain.
If your company is large, with sites in multiple regions, you may need to have a single view of management information. You can delegate administrative authority, physically separate security data, or have greater flexibility in how users, computers, and policies are organized. If you are a managed service provider (MSP), you may need to manage multiple independent companies, as well as Internet service providers. To meet these needs, you can create multiple domains. For example, you can create a separate domain for each country, region, or company.
Figure: Overview of Symantec Endpoint Protection Manager domains
When you add a domain, the domain is empty. You must set the domain to be the current domain. You then add administrators, groups, clients, computers, and policies to this domain.
You can copy policies from one domain to another. To copy policies between domains, you export the policy from the originating domain and you import the policy into the destination domain.
You can also move clients from one domain to another. To move clients between domains, the administrator of the old domain must delete the client from the client group. You then replace the Communication Settings file on the client with one from the new domain.
You can disable a domain if you no longer need it. Ensure that it is not set as the current domain when you attempt to disable it.