Symantec Endpoint Protection: Preparing computers that run Windows Vista for remote client deployment
Question/Issue:
Symantec Endpoint Protection 11.0 will be deployed to computers that run Microsoft Windows Vista. What preparations must be made on the computers before the client software can be deployed?
Solution:
Note: Windows Vista provides a highly customizable user interface. The procedures in this section are based on the Windows Classic user interface that can be set for Microsoft Windows Vista.
The Windows Vista feature "User Account Control" (UAC) blocks local administrative accounts from accessing administrative shares such as "C$" and "Admin$" over the network. To use the "Push Deployment Wizard Tool" in this scenario, use a "Domain Administrative" account if the target client computer is part of an "Active Directory" domain. Remote client installation also requires elevated privileges.
Administrators of a workgroup will have to decide the best approach for UAC security in their environment. The UAC feature defaults to preventing access to administrative shares through the network for local administrative users in a workgroup environment. Please refer to the UAC documentation that Microsoft offers on their TechNet and Support websites for further information or workarounds on administration of this feature.
Title: Getting Started with User Account Control on Windows Vista
URL: http://technet.microsoft.com/en-us/library/cc507861.aspx
Title: Error message when you try to access an administrative share on a Windows Vista-based computer from another Windows Vista-based computer that is a member of a workgroup: "Logon unsuccessful: Windows is unable to log you on"
URL: http://support.microsoft.com/kb/947232
To enable remote client software deployment on the computers that run Microsoft Windows Vista, the following must be completed on each client computer:
- Disable the "File Sharing Wizard."
- Enable Network Discovery by using the "Network and Sharing center."
- Ensure you are using an Administrative User account.
- Verify that the account has "elevated" privileges.
To disable the "File Sharing Wizard," follow the steps below:
- Click Start > Computer.
- In the Computer window, click Organize > Folder and Search Options.
- Under the View tab, in the Advanced Settings section, uncheck Use Sharing Wizard (Recommended).
- Click OK.
If you are using Windows Vista in Classic View, follow the steps below to disable the "File Sharing Wizard":
- Display the drives located on the computer.
- In the "My Computer" window, click Tools > Folder Options.
- Select View > Advanced Settings, then uncheck Use Sharing Wizard (Recommended).
- Click OK.
To enable network discovery:
- Display the computers in the network.
- In the "Network" window, click Network and Sharing Center.
- Select Sharing and Discovery.
- Click Network Discovery.
- Click Turn on Network Discovery.
- Click Apply.
Ensure you are using an Administrative User account.
To verify that you have elevated privileges:
- Click Start > Run.
- Type \\<target computer name>\C$.
If you can access and display the "C$" remote administrative share, then your privileges are elevated. If you cannot access and display this share, you must authenticate with an account that has the required privileges.
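The same check can be run against a list of target computers before starting a push deployment. The following PowerShell script is an added example, not part of the original Symantec document; the computer names are constructed placeholders, and the function names Test-SmbPort and Test-AdminShare are hypothetical. It assumes it is run from the management computer under the account that will perform the deployment.

```powershell
# Added example, not Symantec code. Computer names are constructed placeholders.
$Targets = @('VISTA-PC01', 'VISTA-PC02')

# Returns $true if TCP 445 (SMB, which carries the administrative shares)
# accepts a connection within the timeout.
function Test-SmbPort {
    param([string]$ComputerName, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, 445, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Tries to list one administrative share with the current credentials.
function Test-AdminShare {
    param([string]$ComputerName, [string]$Share)
    $path = '\\{0}\{1}' -f $ComputerName, $Share   # single quotes keep "$" literal
    try {
        Get-ChildItem -LiteralPath $path -ErrorAction Stop | Out-Null
        return 'Accessible'
    } catch {
        return 'Failed: ' + $_.Exception.Message
    }
}

$report = foreach ($computer in $Targets) {
    $row = New-Object PSObject -Property @{
        Computer = $computer; Port445 = $false
        CShare = 'Not tested'; AdminShare = 'Not tested'
    }
    $row.Port445 = Test-SmbPort -ComputerName $computer
    if ($row.Port445) {
        # Only test the shares when the computer is reachable over SMB.
        $row.CShare     = Test-AdminShare -ComputerName $computer -Share 'C$'
        $row.AdminShare = Test-AdminShare -ComputerName $computer -Share 'Admin$'
    }
    $row
}

$report | Select-Object Computer, Port445, CShare, AdminShare | Format-Table -AutoSize
```

A computer that shows Port445 as False is a network or sharing configuration problem. A computer that is reachable but fails both share tests points to the account being used, as in the UAC behavior for local administrative accounts described above.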
Document ID: 2007091021513648
Last Modified: 09/23/2009
Date Created: 09/10/2007
Operating System(s): Windows Vista 32-bit Edition
Product(s): Endpoint Protection 11, Network Access Control 11
Release(s): Endpoint Protection 11 [All Releases], Network Access Control 11.0 [All Releases]