Package Destination location folders Security Credentials are being reset when Package Refresh runs

Article ID: 157828

Products

IT Management Suite

Issue/Introduction

The Package Destination location folders have their NTFS security permissions reset to no access, making them inaccessible through standard means. This happens at regular intervals when the Package Refresh runs.

The GUID folders for packages show a lock on their icons and files cannot be deleted.

Environment

ITMS 8.x

Cause

Whenever a Package Refresh occurs on a Symantec Site Server, all folders in the file system that are acting as Package Destination locations have their NTFS security permissions reset to no access. 

Resolution

Turn off DACL Management on each package server:

1) Open the registry editor on your package server
2) Open registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Package Server
3) Create a new DWORD value named "EnableDACLManagement" with a value of "0"
4) Restart the package server

To delete an offending package, open a command prompt as admin, navigate to the package delivery folder <install drive>:\program files\altiris\altiris agent\package delivery\, and run the command: icacls {GUID_OF_PACKAGE.EN_US} /t /reset

This resets the permissions on the specified folder, removes the lock from the icon, and changes permissions back to the Windows default (local admins now have full access).
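The registry steps and the icacls reset above, combined into one PowerShell script. This is an added example, not code from the vendor or the original article. The default value of $DeliveryRoot, the -ResetLockedFolders switch and the test for a "locked" folder (ACL unreadable or containing no Allow entry) are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
param(
    # Assumption: the article gives this path only as
    # <install drive>:\program files\altiris\altiris agent\package delivery
    [string]$DeliveryRoot = "$env:ProgramFiles\Altiris\Altiris Agent\Package Delivery",
    # Without this switch the folder check only reports; no ACL is changed.
    [switch]$ResetLockedFolders
)

$key  = 'HKLM:\SOFTWARE\Altiris\Altiris Agent\Package Server'
$name = 'EnableDACLManagement'
if (-not (Test-Path -LiteralPath $key)) { throw "Registry key not found: $key" }

# Steps 1-3: note the previous value, then create or overwrite the DWORD with 0.
$before = (Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue).$name
New-ItemProperty -LiteralPath $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
$after = (Get-ItemProperty -LiteralPath $key -Name $name).$name
$shown = if ($null -eq $before) { '<not set>' } else { $before }
Write-Host "$name : $shown -> $after"

# Find package folders that look locked. Heuristic (assumption): the ACL cannot
# be read at all, or it contains no Allow entry.
$locked = @(foreach ($dir in Get-ChildItem -LiteralPath $DeliveryRoot -Directory) {
    try {
        $acl   = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop
        $allow = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' })
        if ($allow.Count -eq 0) { $dir }
    } catch {
        $dir   # access denied while reading the ACL also counts as locked
    }
})

foreach ($dir in $locked) {
    if ($ResetLockedFolders) {
        # Same command as in the article, run against the folder's full path.
        & icacls.exe $dir.FullName /t /reset
        if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed for $($dir.FullName)" }
    } else {
        Write-Host "Locked: $($dir.FullName)"
    }
}
Write-Host "$($locked.Count) locked folder(s). Step 4 still applies: restart the package server."
```

Run it once without -ResetLockedFolders to review the list of flagged folders before letting it change any ACLs.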

If client agents are getting access denied when attempting to download packages, reset the correct permissions for Everyone and the IIS_IUSR accounts on the package delivery folder to restore the correct access. You may also need to run iisreset.

For further information on this setting, please refer to "FAQ on Package Servers" under section 5.3.

Having DACL Management ON may also affect custom permissions set on the Package Server agent directory:
Custom permissions set on Package Server agent directory reverted when Package Refresh runs