To reduce the risk of unauthorized access when administrators forget to log off, the setting "Allow

users to save credentials when logging on" should be disabled in Symantec Endpoint Protection

Manager (SEPM). Disabling this option ensures that administrators are required to enter their

credentials each time they access the SEPM console, preventing automatic logins and reducing the

chance of someone else gaining access without permission.

Purpose of Disabling Saved Credentials:

By preventing credential saving, SEPM forces each administrator to authenticate manually on every

session, thus improving security.

This setting is particularly useful in shared environments, as it prevents the console from retaining

login information when an administrator fails to log out.

Why Other Options Are Less Relevant:

Delete clients that have not connected (Option B) pertains to endpoint clients, not administrator

logins.

Lock account after unsuccessful attempts (Option C) protects against brute-force attempts but does

not address saved credentials.

Allow administrators to reset passwords (Option D) is related to password management rather than

login persistence.

Reference: Disabling saved credentials is a best practice to enforce unique logins for each session,

enhancing security in shared console environments​.