Local Administrators can uninstall Endpoint Encryption Removable Media Encryption

Article ID: 225549

Products

Endpoint Encryption

Issue/Introduction

In Endpoint Encryption with only Removable Media Encryption (RME) installed, prior to release 11.3.1, users with local administrator rights could not uninstall the application.

In release 11.3.1, this was changed so that, by default, local administrators could uninstall the application. In addition, an advanced policy setting was added to allow members of a specified Active Directory security group to uninstall the product.

Some organizations will only want the SYSTEM user to be able to uninstall the application.

Environment

Symantec Endpoint Encryption Removable Media Encryption 11.3.1 MP1 and above.

Resolution

In release 11.3.1 MP1, an advanced policy setting called Allow Client Uninstallation for SYSTEM User only was added to allow only the SYSTEM user to uninstall the product. By default, this setting is set to False. When it is changed to True, only the SYSTEM user can uninstall.

To check the value of this setting on a client, run this at the command prompt. For example, this shows it is set to True:

C:\>reg query "HKLM\Software\Encryption Anywhere\Framework\Client Database\CurrentPolicies\AdvanceSetting" /v ma.uninstall.allowSystemUser

HKEY_LOCAL_MACHINE\Software\Encryption Anywhere\Framework\Client Database\CurrentPolicies\AdvanceSetting
    ma.uninstall.allowSystemUser    REG_SZ    True
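
The same check as a PowerShell function that a management tool can run on each client and act on through the exit code. This is an added example, not part of the original article or the product's tooling; the function name and state labels are hypothetical, and treating a missing value as "not restricted" is an assumption.

```powershell
# Added example: audit the policy value shown in the reg query above.
# Get-SeeUninstallPolicy is a hypothetical helper name, not a product cmdlet.
function Get-SeeUninstallPolicy {
    [CmdletBinding()]
    param(
        # Registry path and value name are taken from the article.
        [string]$KeyPath = 'HKLM:\Software\Encryption Anywhere\Framework\Client Database\CurrentPolicies\AdvanceSetting',
        [string]$ValueName = 'ma.uninstall.allowSystemUser'
    )

    $result = [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        ValueName    = $ValueName
        RawValue     = $null
        State        = 'Unknown'
    }

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        $result.State = 'KeyMissing'       # policy key not present on this machine
        return $result
    }

    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Assumption: an absent value means the client is not restricted to SYSTEM.
        $result.State = 'ValueMissing'
        return $result
    }

    # The value name contains dots, so read it through PSObject rather than dot access.
    $result.RawValue = [string]$item.PSObject.Properties[$ValueName].Value
    # The value is REG_SZ, so compare as text; -eq on strings is case-insensitive.
    $result.State = if ($result.RawValue.Trim() -eq 'True') { 'SystemOnly' } else { 'NotSystemOnly' }
    return $result
}

$policy = Get-SeeUninstallPolicy
$policy | Format-List
# Non-zero exit lets a management tool flag clients that are not restricted to SYSTEM.
if ($policy.State -ne 'SystemOnly') { exit 1 }
```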

Once the Allow Client Uninstallation for SYSTEM User only setting is set to True, if a local administrator tries to uninstall the product this error message appears:

Products such as Symantec Endpoint Management and Microsoft SCCM can execute commands as the SYSTEM user.

Microsoft PsExec can also be used. For example:

PsExec64 -i -s msiexec /x "SEE Client_x64.msi"
