When launching the Backup Exec console, a security warning "The Backup Exec user interface can only be run as a fully trusted application under .NET security policies." is encountered.

Article:TECH126929  |  Created: 2010-01-12  |  Updated: 2010-10-02  |  Article URL http://www.symantec.com/docs/TECH126929
Article Type
Technical Solution

Product(s)

Environment

Issue



When launching the Backup Exec console, a security warning "The Backup Exec user interface can only be run as a fully trusted application under .NET security policies." is encountered.


Error



The Backup Exec user interface can only be run as a fully trusted application under .NET security policies. This means you must run it from a directory on your local computer or you must configure .NET security to fully trust the application from a network location.


Solution



Solution
On launching the Backup Exec Admin console after successful installation of Backup Exec console, the above mentioned error may occur.
 
The user must launch the Backup Exec console as an administrator.  To do this on both Windows 7 and Windows 2008, simply right-click on the short cut icon or on the selection in the program list off the start menu and choose to run the program as "Administrator"

Cause #1:

1. Backup Exec application has been installed in a shared folder location. The  Backup Exec console process (BKUPEXEC.EXE) is dependent on .NET and hence may fail to load due to default .NET security policies.

Cause #2:
2. The logon account being used to launch the Backup Exec console does not have rights to the following registry key:
HKEY_LOCAL_MACHINE\Software\Classes\.pdf

Cause #3:
3. The Symantec Registry Key was corrupted during the installation. When this happens, successive installs and uninstalls will fail.  

Cause #4:
4. Installation of the Remote Administration Console on Windows 7 may not have correct permission for the console installation to run.

Cause #5:
5. Incorrect permissions for the following registry keys
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\User Interface
 
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\Debug
 

Resolution #1:
1. Ensure that the Backup Exec application is not installed into a shared folder location.

Resolution #2:
Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes

2. Ensure that the logon account being used to launch the Backup Exec console has Full Control permissions to the registry value mentioned below:
HKEY_LOCAL_MACHINE\Software\Classes\.pdf

Resolution #3:
Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes

3. Ensure the following Registry key has the following permissions. Run REGEDIT and grant appropriate administrator permissions to all registry keys found under:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec
Users - Read
System - Full Control
Admin - Full Control


Resolution #4:
Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes

Run REGEDIT and grant appropriate administrator permissions to all registry keys found under HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\13.0\Install. Full Control should be held by the Administrators group and SYSTEM.  

 
Resolution #5:
Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes
Give the following permission to the keys below in registry :-
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\User Interface
 
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\Debug
 
Permissions to be give Users – Read , Administrators – Full Control and SYSTEM – Full Control.

Note:- The Resolution #5: needs to be done only in case the 2 keys above do not inherit the permissions given in  Resolution #3:

 Make sure every key under "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec" should be accessable to the user.

 If not login to windows as  the default "Administrator" and try accessing the registry keys.

Even the default Administrator has the same problem try giving permission to all the registry key mentioned.

 

In case all of the above steps fail you can try to uninstall .Net Framework from the Media Server using the Removal tool available on the MSDN website. Here is the link for the tool http://blogs.msdn.com/b/astebner/archive/2008/08/28/8904493.aspx 

*Note: .Net Framework uninstall can cause other applications to stop working, so please ensure that no other application is using the .Net Framework before uninstalling the same.

 

 Note: Due to security implementations in Microsoft Small Business Server, the Backup Exec service or logon account must be Administrator.
 


Attachments

Backup exec Loading
BE Loading.JPG
Registry Access denied
registry Access denied.JPG




Supplemental Materials

ValueV-259-0012
Description

The Backup Exec user interface can only be run as a fully trusted application under .NET security policies.


Value1939980
Description

UI: The BE console will not open and reports a ?security warning?



Legacy ID



340263


Article URL http://www.symantec.com/docs/TECH126929


Terms of use for this information are found in Legal Notices