You cannot push the Symantec Management Agent to a Windows Vista, 7, 8 or 10 machine using a user-defined local admin account if UAC is turned on.
This issue does not arise if you push the Symantec Management Agent using the default (built-in) local administrator account or domain administrator account (that is, the Notification Server application credentials).
This issue does not arise on computers that have UAC disabled.
The Symantec Management Agent Push Install process attempts to access an administrative share on the target computer. If User Account Control (UAC) is enabled on the Windows Vista, 7, 8 or 10 computer using a user-defined local administrator account, then access to the administrative share will fail, causing the push install to also fail. This is because the user account has no elevation potential on the target computer and cannot perform administrative tasks.
For more information on User Account Control, refer to the following Microsoft documentation:
This document contains the following information about Local User Accounts:
When a user with an administrator account in a Windows Vista computer's local Security Accounts Manager (SAM) database remotely connects to a Windows Vista computer, the user has no elevation potential on the remote computer and cannot perform administrative tasks. If the user wants to administer the workstation with a SAM account, the user must interactively logon to the computer that he or she wishes to administer.
You can work around this issue by adding a UAC flag to the registry to enable users with administrative credentials to access the administrative shares remotely.
To do this:
Symantec Management Platform 7.0 or later, pushing the Symantec Management Agent to Windows Vista, 7, 8 and 10 clients