You have problems installing Symantec Endpoint Protection, or you have installed it, but it is not functioning properly. You need a list of files, folders, and registry keys in order to check rights and permissions.
The installation of Symantec Endpoint Protection on Windows Vista, Windows Server 2008, and Windows 7 computers requires use of an account with elevated user rights. If you are installing in an Active Directory domain, the account used to deploy client software must also be a Domain Administrator. The Domain Administrator must also be a member of the Administrators group on each computer. Membership in other groups may cause restrictions on the Domain Administrator account's local rights. Verify that no restrictions on the Local Administrator or Domain Administrator accounts have been made.
Checking permissions within the registry
WARNING: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Modify only the keys specified. See the document How to back up the Windows registry before proceeding.
Note: When verifying permissions in Windows NT, verify that the Creator/Owner account has full rights to the registry keys listed. To propagate permissions to subkeys in Windows NT, place a check next to "Replace Permissions on Existing Subkeys."
To edit the registry
Click Start, and then click Run.
Type regedt32.exe in the Run box, and then click OK.
Note: Before attempting to change permissions on directories or subdirectories, you should take ownership. NT does not change permissions on a subdirectory where ownership is incorrect, and does not report that it cannot change the permissions. Using an Administrative logon is suggested.
Checking DCOM settings
The last place to check rights on a computer is in its DCOM settings.
To verify Distributed COM properties
On the Windows taskbar, click Start > Run.
Type the following, and then click OK:
Expand Component Services > Computers > My Computer. Then right-click My Computer and click Properties.
On the COM Security tab, under Access Permissions, click Edit Default....
Verify that Administrators and System accounts are set to Allow Access, and then click OK.
Under Launch and Activation Permissions, click Edit Default....
Verify that the Administrators, Interactive, and System accounts are set to Allow Launch, and click OK.
On the Default Properties tab, verify that Default Impersonation Level is set to Identify.
Click Apply, and then click OK.
Restart the computer for the changes to take effect.
References Some customers have reported fixing installation problems caused by incorrect rights or permissions by using Microsoft's SubInACL utility to change registry and NTFS permissions. This information is provided for your convenience. Symantec does not provide support for or assistance with Microsoft products.
Imported Document ID: TECH141644
Subscribing will provide email updates when this Article is updated. Login is required.