When launching the Backup Exec console, a security warning "The Backup Exec user interface can only be run as a fully trusted application under .NET security policies." is encountered.

Article:TECH126929  |  Created: 2010-01-12  |  Updated: 2014-09-11  |  Article URL http://www.symantec.com/docs/TECH126929
Article Type
Technical Solution

Product(s)


Issue




Error



--------------------------
Security Warning
---------------------------
The Backup Exec user interface can only be run as a fully trusted application under .NET security policies. This means that you must run it from a directory on your local computer or you must configure .NET security to fully trust the application from a network location. (For more information, see http://entsupport.symantec.com/umi/V-259-0012)
 


Cause



1. Backup Exec application has been installed in a shared folder location. The  Backup Exec console process (BKUPEXEC.EXE) is dependent on .NET and hence may fail to load due to default .NET security policies.

2. The logon account being used to launch the Backup Exec console does not have rights to the following registry key:
HKEY_LOCAL_MACHINE\Software\Classes\.pdf

3. The Symantec Registry Key was corrupted during the installation. When this happens, successive installs and uninstalls will fail.  

4. Installation of the Remote Administration Console on Windows 7 may not have correct permission for the console installation to run.

5. Incorrect permissions for the following registry keys
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\User Interface
 
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\Debug

Solution



 
 
Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes

1. Ensure that the Backup Exec application is not installed into a shared folder location.

2. Ensure that the logon account being used to launch the Backup Exec console has Full Control permissions to the registry value mentioned below:
HKEY_LOCAL_MACHINE\Software\Classes\.pdf

3. Ensure the following Registry key has the following permissions. Run REGEDIT and grant appropriate administrator permissions to all registry keys found under:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec
Users - Read
System - Full Control
Admin - Full Control

4. Run REGEDIT and grant appropriate administrator permissions to all registry keys found under HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\13.0\Install. Full Control should be held by the Administrators group and SYSTEM.  
 
5. Give the following permission to the keys below in registry :-
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\User Interface
 
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\Debug
 
Permissions to be give Users – Read , Administrators – Full Control and SYSTEM – Full Control.

Note:- The Resolution #5: needs to be done only in case the 2 keys above do not inherit the permissions given in  Resolution #3:

 Make sure every key under "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec" should be accessable to the user.

 If not login to windows as  the default "Administrator" and try accessing the registry keys.

Even the default Administrator has the same problem try giving permission to all the registry key mentioned. 

In case all of the above steps fail you can try to uninstall .Net Framework from the Media Server using the Removal tool available on the MSDN website. Here is the link for the tool http://blogs.msdn.com/b/astebner/archive/2008/08/28/8904493.aspx 

*Note: .Net Framework uninstall can cause other applications to stop working, so please ensure that no other application is using the .Net Framework before uninstalling the same.

  Note: Due to security implementations in Microsoft Small Business Server, the Backup Exec service or logon account must be Administrator


Supplemental Materials

SourceUMI
ValueV-259-0012
Description

The Backup Exec user interface can only be run as a fully trusted application under .NET security policies.


SourceETrack
Value1939980
Description

UI: The BE console will not open and reports a ?security warning?



Legacy ID



340263


Article URL http://www.symantec.com/docs/TECH126929


Terms of use for this information are found in Legal Notices