You have problems installing Symantec Endpoint Protection, or you have installed it, but it is not functioning properly. You need a list of files, folders, and registry keys in order to check rights and permissions.
The installation of Symantec Endpoint Protection on Windows Vista, Windows Server 2008, and Windows 7 computers requires use of an account with elevated user rights. If you are installing in an Active Directory domain, the account used to deploy client software must also be a Domain Administrator. The Domain Administrator must also be a member of the Administrators group on each computer. Membership in other groups may cause restrictions on the Domain Administrator account's local rights. Verify that no restrictions on the Local Administrator or Domain Administrator accounts have been made.
Checking permissions within the registry
WARNING: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Modify only the keys specified. See the document How to back up the Windows registry before proceeding.
Note: When verifying permissions in Windows NT, verify that the Creator/Owner account has full rights to the registry keys listed. To propagate permissions to subkeys in Windows NT, place a check next to "Replace Permissions on Existing Subkeys."
To edit the registry
To check the rights on registry keys in regedt32
Checking permissions on an NTFS drive
Use the Windows Explorer to verify that System and Administrator have "Full Control" and Users have "Read Only" permissions for the following folders (if they exist):
(drive:)\
(drive:)\Program Files
(drive:)\Program Files\Common Files
(drive:)\Program Files\Symantec
(drive:)\Program Files (x86)
(drive:)\Program Files (x86)\Common Files
(drive:)\Program Files (x86)\Symantec
(drive:)\ProgramData\Symantec
(drive:)\Windows\Drivers
(drive:)\Windows\Installer
(drive:)\Windows\SysWOW64
To check the permissions, right-click the folder, choose Properties, and click the Security tab. Verify that both System and Administrator have Full Control.
The following folders should have Full Control permissions for the System and Administrator accounts, and Read Only for User accounts. If a folder does not exist, simply skip to the next one:
(drive:)\Users\Administrator\AppData\Local\Symantec
(drive:)\Users\Administrator\AppData\Local\Symantec\Symantec Endpoint Protection
Note: Before attempting to change permissions on directories or subdirectories, you should take ownership. NT does not change permissions on a subdirectory where ownership is incorrect, and does not report that it cannot change the permissions. Using an Administrative logon is suggested.
Checking DCOM settings
The last place to check rights on a computer is in its DCOM settings.
To verify Distributed COM properties
References
Some customers have reported fixing installation problems caused by incorrect rights or permissions by using Microsoft's SubInACL utility to change registry and NTFS permissions. This information is provided for your convenience. Symantec does not provide support for or assistance with Microsoft products.