Users get Access Denied when trying to access the Software Portal

book

Article ID: 170657

calendar_today

Updated On:

Products

Software Management Solution

Issue/Introduction

Users get Access Denied when trying to access the Software Portal.

Access Denied
You currently do not have sufficient network access rights to the Symantec Management Console.
Please contact your local area network administrator for further assistance.

Cause

There are two common possibilities regarding this issue:

  1. IIS Security settings can restrict users access to the Software Portal.
  2. User Account can be disabled inside the ITMS Console

Environment

ITMS 7.5 and further

Resolution

  1. To resolve the first probable cause, make sure Authenticated users have the appropriate permissions in IIS.
    1. Open up Internet Information Services (IIS) Manager (in Administrative Tools).
    2. Browse under Sites > Default Web Site > Altiris > and select Software Portal.
    3. Under the right-hand Actions menu, click Edit Permissions...
    4. Under the Security tab, click Edit under the first box showing groups with rights.
    5. With Authenticated Users selected, ensure that Read & Execute, List folder contents, and Read are checked. If they are not, check them.
    6. Click OK to save the changes, and OK to return to IIS Manager.
    7. Restart the Altiris Service and IIS (by going to a command prompt and running: iisreset)
    8. NOTE: It make take some time for the changes to propagate.
  2. To resolve the second probable cause, make sure that the User Account is not disable inside the ITMS console
    1. Go to "Settings > Security > Account Management" (inside the ITMS console)
    2. Click on "Accounts" and see if the user shows up
    3. If so, it may be set to disable, which would negate any access to the console, including the portal, for that user. 
      1. Set the User Account to "Enable"
    4. Also check to ensure there is a disabled group that might be listed as disabled that the user is a part of.
    5. NOTE: One more thing to check is to ensure that user isn’t specified directly on the SMP in users and groups, and may be disallowed in that area