I want to “encourage” users who have Master Operator accounts to use their Non Master Operator accounts when taking actions on endpoints.
Is it possible to deny the MO access to any endpoint other than the BigFix server itself?
I realise that, even if there is a way to do this, the MO will be able to reset it, but that puts an extra step in the process so that they have to deliberately allow themselves to take action on endpoints before taking the action.
In this way, we can ensure that the user doesn’t forget that they are in the MO account and accidentally take action. Is there a way to do this?
Yes, that’s the suggestion I am leaning towards so far. It’s just a bit tricky when the MO’s are not colocated, as you are dependant on whether or not remote control facilities are available to allow the approver to approve the action.