There are two methods to allow other users to use the SEEM Console. Both methods allow for users or groups to be added:

Method 1: Symantec Endpoint Encryption Configuration Manager - Server Roles
Method 2: Add Users or Groups to SQL Server Management Studio

Note: SQL permissions must be provided to individual users and those individuals can then be used for the database accounts configured for the SEE Management Server.
In other words, SQL users will not be granted DB access if they are part of only a security group that was provided DB access--the user itself must be provided DB access.

Method 1: Symantec Endpoint Encryption Configuration Manager - Server Roles

Method 2: Add Users or Groups to SQL Server Management Studio

Click here for Troubleshooting other errors described above with SQL server configuration

#### Method 1: Symantec Endpoint Encryption Configuration Manager - Server Roles ####

1. On the Symantec Endpoint Encryption Management Server (SEEMS), click the start button.
2. Navigate to Symantec Endpoint Encryption in the list of programs.
3. Expand Symantec Endpoint Encryption and open SEEMS Configuration Manager.
   • ​​Note: The exact steps to find the program may vary by Windows Server version.
4. Ensure you are on the Database tab and note the User name used to authenticate.
5. Click the start button again and look for Microsoft SQL Server or Microsoft SQL Server Tools.
   • There may be multiple folders here with different years listed, search through all of them.
6. Look for SQL Server Management Studio and open it.
   • Depending on the version of this tool, there may be a year listed in the middle or end of the program name.
7. Connect to the server using an account with proper credentials to modify user roles for the SEEMS database (such as a sysadmin).
8. Once authenticated, in the left pane expand Security and Logins and find the user noted in Step 4--in this test, the user is "test".
9. Right click on the user and select Properties.
   
   
10. Select User Mapping in the left pane and select the SEEMS database name in the main pane.
11. Ensure this user has the following roles checked: db_datareader, db_datawriter, db_owner, public​.
12. ​​​Note: The db_owner role should not be given to most users. This role is only added to this user so that this user can manage the Server Roles and grant access for other users in the SEEMS Configuration Manager in steps 12-21.
    
    ​​
13. Return to the SEEMS Configuration Manager and choose the Server Roles tab on the left side.
14. If Manage Server Roles is turned off, turn it on.
    
    
     
15. Click Add User or Add Group depending on your use case.
16. Search for your user or group in the user interface.
17. Click the checkbox next to each user or group you want to give SEEMS privileges to.
    
    
     
18. Select Next until you reach step 3 in the wizard, "Map Admin Roles".
19. Depending on the level of access you would like to give other admins, check the box.  For full Server access, check Server to grant access to the SEEMS Console for this user or group.
    If you want only reporting to be available for the groups, select only Reports.  This is a granular approach for access.
    
    
     
20. Click Next and then Finish.
21. Click OK on the dialog box that pops up. 
    1. Note: You are not finished with this process until you click Save.
22. Next, check the box next to Allow Symantec Endpoint Encryption to manage database access permissions for AD users.
    
    
    
    
23. Finally, press Save on the Server Roles page.
24. Now your users or groups should have access to the SEEMS console when they login.

Important Note: The "Allow Symantec Endpoint Encryption to manage database access permissions for AD users" requires the "SYSADMIN" permissions for the database user because these permissions are needed in order to grant the needed permissions for other users to the SEE Database.  First validate that the user configured for "Database" in the SEEMS Configuration Manager" has Sysadmin permissions before checking this box.

^Back to Top

 

#### Method 2: Add Users or Groups to SQL Server Management Studio ####

1. On the server hosting the SQL Server containing the SEEMS Database, click the start button and look for Microsoft SQL Server or Microsoft SQL Server Tools.
   • There may be multiple folders here with different years listed, search through all of them.
2. Look for SQL Server Management Studio and open it.
   • Depending on the version of this tool, there may be a year listed in the middle or end of the program name.
3. Connect to the server using an account with proper credentials to modify user roles for the SEEMS database (such as a sysadmin).
4. Once authenticated, in the left pane expand Security, right click on Logins, and select New Login...
   
   
    
5. Click the Search... button next to Login name.
   
   
6. Enter the User or Group name you want to find in the text box and click Check Names.
   
   
    
7. Once the correct User or Group is found, click OK.
8. In the left pane, check User Mapping and check the checkbox next to the SEEMS database name in the main pane.
9. In the bottom section, check the following roles: db_datareader, db_datawriter, and public and click OK.
   
   
10. Collapse the Security section in the left pane of SQL Server Management Studio.
11. Expand Databases, right click on the database name, and select Properties.
    
    
12. Select Permissions from the left pane.
13. Click on the newly created user.
14. Ensure the Connect permission has the Grant box checked.
15. Find the Execute permission and click Grant.
    
    
16. Click OK.

This will now grant access to the user or group to access the SEEMS console.
 

^Back to Top

Troubleshooting other errors described above with SQL server configuration

Scenario 1: During the installation of the SEE Management Console on a workstation, the first screen that appears is for configuring the database account. 


Answer: There are two options available for this and each have specific functions:

Windows Authentication - With this option selected, the user should be an actual user located in the Active Directory.

SQL Server Authentication - With this option selected, the user should be an SQL user, which is *not* in the Active Directory.  If SQL Server Authentication is configured during the setup, and a Windows\AD account is selected, the error will occur that the password is incorrect.  This is because SQL does not allow regular Windows\AD accounts to be used for SQL Authentication.

There is a setting in SQL, which allows for "Mixed" modes for authentication, however, this will not allow access to the server in this scenario and an SQL account must be used:

Check Security software, such as McAfee Host Based Security System (HBSS), which have been known to block the installer.

Scenario 2: Saving the SEEMS Configuration Manager Server Roles will not succeed stating "Invalid Data"

Answer: If you are trying to add/remove users on the SEEMS configuration page and it states it is unable to, review the list of users and see if all users/groups are still included in Active Directory.

If the user(s)/group(s) are not included in Active Directory, but are still included in the SEEMS Configuration Manager, remove the invalid/missing users in the SEEMS Configuration Manager, and first save.
Once the invalid users/groups are removed, then add or remove additional groups.  This issue will be resolved in SEE 11.4 MP1 (EPG-23239/EPG-25305).