Local Administrators can uninstall Endpoint Encryption Removable Media Encryption
Article ID: 225549
Updated On:
Products
Issue/Introduction
In Endpoint Encryption with only Removable Media Encryption (RME) installed, prior to release 11.3.1, users with local administrator rights could not uninstall the application.
In release 11.3.1, this was changed and by default, local administrators could uninstall the application. In addition, an advanced policy setting was added to allows members of a specified Active Directory security group to uninstall the product.
Some organizations will only want the SYSTEM user to be able to uninstall the application.
Environment
Symantec Endpoint Encryption Removable Media Encryption 11.3.1 MP1 and above.
Resolution
In release 11.3.1 MP1 an advanced policy setting was added called Allow Client Uninstallation for SYSTEM User only to allow only the SYSTEM user to uninstall the product. By default, this setting is set to False. By changing it to True, only the SYSTEM user can uninstall:
To check the value of this setting on a client, run this at the command prompt. For example, this shows it is set to True:
C:\>reg query "HKLM\Software\Encryption Anywhere\Framework\Client Database\CurrentPolicies\AdvanceSetting" /v ma.uninstall.allowSystemUser
HKEY_LOCAL_MACHINE\Software\Encryption Anywhere\Framework\Client Database\CurrentPolicies\AdvanceSetting
ma.uninstall.allowSystemUser REG_SZ True
Once the Allow Client Uninstallation for SYSTEM User only setting is set to True, if a local administrator tries to uninstall the product this error message appears:
Products such as Symantec Endpoint Management and Microsoft SCCM can execute commands as the SYSTEM user.
Microsoft PsExec can also be used. For example:
PsExec64 -i -s msiexec /x "SEE Client_x64.msi"
Attachments
Feedback
