When using the Migration and Deployment Wizard to deploy the Symantec Endpoint Protection (SEP) client across the network to Windows Vista, Windows 7, or Windows Server 2008 system, the deployment fails.
There are several Windows settings which can cause the remote deployment to fail. The most common of these, and their solutions, are listed below.
Disable the Windows Sharing Wizard
The Windows Sharing Wizard must be disabled in order for the deployment to succeed.
Note: If the computer is joined to a domain, this may already be disabled.
In some situations, the Windows Firewall may cause the deployment to fail. It may be worthwhile to temporarily disable the Windows Firewall to rule it out as a cause of the deployment problem. If the Windows Firewall needs to be used going forward, it may be re-enabled after the SEP client is deployed.
The Migration and Deployment wizard requires access to the built-in Windows administrative shares (e.g., C$ and admin$ and IPC$) in order to copy files to the remote computer.
Please confirm that the administrative shares are enabled and accessible.
Example: \\<ip address of remote machine>\c$
User Account Control (UAC)
In some situations, UAC can block access to the remote computer's administrative shares if the account used to authenticate to the remote computer is a user account local to that computer. (Source: http://support.microsoft.com/kb/947232)
In this situation, either authenticate to the remote computer using a domain administrator's account or temporarily disable UAC.
Please ensure the account being used to deploy the SEP client has sufficient privileges, is not a restricted account and is not a member of a group that could cause a deny. In most situations, it is most appropriate to use a Local administrator account. If this is not possible, use a Domain administratot account that is a member of the local administrators group for the remote computer, but be aware of the UAC restriction (above).
Remote deployment of SEP clients from the SEPM to other domain member computers may fail due to Microsoft changes in the networking defaults of Windows 7 and above. When the local system account connects to other computers that are not in the same domain it uses a NULL session (which allows SEP client deployment). When local system connects to other computers that are in the same domain it tries to use the computer name to authenticate. In older Windows versions this connection could by default fallback to a NULL session. In Windows 7 and above the default behavior does NOT allow this fallback. The solution is to updgrade the SEPM to SEP 12.1.