Topic: Symantec Endpoint Protection client installation fails due to lack of permissions on Windows Vista or Windows 7

book

Article ID: 177927

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Unable to install Symantec Endpoint Protection on a Windows Vista machine due to lack of privileges.

Symptoms
Symantec Endpoint Protection installation fails on Windows Vista and Windows 7


Cause

In earlier versions of Windows, most user accounts are configured as members of local administrator’s group to ensure that users can install, update and run software applications without conflicts and perform common system level tasks. However, configuring user accounts as local administrators makes individual computers and networks vulnerable to malicious software and also users might be able to make unapproved system changes. The local policy may insist on a complex password, thus you will not be able to activate the administrator with a blank password. This technique also works on Windows Server 2008, however on that operating system it is more likely you will keep the True Administrator, hidden.

Resolution


How to Activate the Hidden (True) Vista Administrator

1. Logon to Vista using your usual account.
2. Launch the command prompt - Make sure you select, 'Run as administrator'
3. Net user administrator [email protected]
4. Net user administrator /active:yes
5. Switch User, or logoff
6. Logon as Administrator Password: [email protected]

      (Your password may be different!)

      Detailed Instructions to activate the Administrator

1. Logon to Vista using your normal username and password.
2. Click on the Start button
3. Click on Start Search.
4. Type, cmd.
5. Right-click cmd, select 'Run as administrator' from the shortcut menu.
6. In the black 'DOS box', type the following at the command line:
      Net help user
7. The idea of the last command is just to observe the options for Net User. In particular, examine the syntax to set the password.
8. The next instruction is the crucial command. I have chosen password = [email protected], you may want to choose different characters.
9. Net user administrator [email protected]
10. Net user administrator /active:yes
11. Check the message : The command completed successfully
12. Switch User, or logoff
13. Logon as Administrator Password: [email protected] (Your password may be different!)

    Local Security Method to Enable the Administrator Account

    This is how you navigate to the Local Security Policy.
    1. ) Click on Vista's Start orb
    2. ) In the Start Search dialog box type: secpol.msc
    3. ) Go to Local Policy, Security Options
    4. ) Double click Accounts: Administrator account status and select enable.

    You can also see the resulting Administrator in the Control Panel

    Check Vista's User Accounts

    Activating this super account provides a good opportunity to examine where you can configure Vista's accounts.
    Click on the Start button, Control Panel and select --> User Accounts:
    You can check in the GUI whether accounts have activated successfully.

    /active:yes the account is visible.
    /active:no the User Name disappears from the list below.

    Note: Before you can make any changes to any account, you must make sure that this box is checked:

    'Users must enter a user name and password to use this computer'. See screenshot below.





Technical Information

    Benefits of Vista's Hidden Administrator Account

    The main benefit of activating this hidden Vista Administrator is so that you have access to an account which does not suffer from the annoying UAC dialog box. Although it is possible to suppress the UAC with a local policy, the security may be weakened.

    An additional benefit of suppressing the UAC dialog box is the Administrator account has elevated privileges. Running the CMD command from a prompt will not require you to use the 'Run as administrator' option to obtain unrestricted access to the command line.




Attachments