Symantec Endpoint Protection: Preparing computers that run Windows Vista for remote client deployment

Article:TECH102442  |  Created: 2007-01-10  |  Updated: 2011-03-04  |  Article URL http://www.symantec.com/docs/TECH102442
Article Type
Technical Solution


Environment

Issue



Symantec Endpoint Protection 11.0 will be deployed to computers that run Microsoft Windows Vista. What preparations must be made on the computers before the client software can be deployed?

 


Solution




 


Note: Windows Vista provides a highly customizable user interface. The procedures in this section are based on the Windows Classic user interface that can be set for Microsoft Windows Vista.
 



The Microsoft Windows Vista feature, "User Account Control" (UAC) blocks local administrative accounts from remotely accessing remote administrative shares such as "C$" and "Admin$." To use the "Push Deployment Wizard Tool" in this scenario, use a "Domain Administrative" account if the target client computer is part of an "Active Directory" domain. Remote client installation also requires elevated privileges to install.

Administrators of a workgroup will have to decide the best approach for UAC security in their environment. The UAC feature defaults to preventing access to administrative shares through the network for local administrative users in a workgroup environment. Please refer to the UAC documentation that Microsoft offers on their TechNet and Support websites for further information or workarounds on administration of this feature.

Title: Getting Started with User Account Control on Windows Vista
URL: http://technet.microsoft.com/en-us/library/cc507861.aspx

Title: Error message when you try to access an administrative share on a Windows Vista-based computer from another Windows Vista-based computer that is a member of a workgroup: "Logon unsuccessful: Windows is unable to log you on"
URL: http://support.microsoft.com/kb/947232


To enable remote client software deployment on the computers that run Microsoft Windows Vista, the following must be completed on each client computer:

  • Disable the "File Sharing Wizard."
  • Enable Network Discovery by using the "Network and Sharing center."
  • Ensure you are using an Administrative User account.
  • Verify that the account has "elevated" privileges.



To disable the "File Sharing Wizard" follow the steps below:

  1. Click Start > Computer.
  2. In the Computer window, click Organize > Folder and Search Options.
  3. Under the View tab, in the Advanced Settings section, uncheck Use Sharing Wizard (Recommended).
  4. Click OK.
    If Using Windows Vista in Classic View follow the steps below to disable the "File Sharing Wizard"
    1. Display the drives located on the computer.
    2. In the "My Computer" window, click Tools> Folder Options.
    3. Select View> Advanced Settings, uncheck Use Sharing Wizard (Recommended)
    4. Click OK.


To enable network discovery

  1. Display the computers in the network.
  2. In the "Network" window, click Network and Sharing Center.
  3. Select Sharing and Discovery.
  4. Click Network Discovery.
  5. Click Turn on Network Discovery
  6. Click Apply.


Ensure you are using an Administrative User account.

To verify that you have elevated privileges

  1. Click Start > Run.
  2. Type \\<target computer name>\C$.


If you can access and display the "C$" remote administrative share, then your privileges are elevated. If you cannot access and display this share, you must authenticate with an account that has the required privileges.



References
This document is available in the following languages:




 



Legacy ID



2007091021513648


Article URL http://www.symantec.com/docs/TECH102442


Terms of use for this information are found in Legal Notices