Cannot Uninstall PGP Endpoint Client on Windows Vista

Article:TECH149159  |  Created: 2008-05-20  |  Updated: 2011-02-08  |  Article URL http://www.symantec.com/docs/TECH149159
Article Type
Technical Solution

Issue



When attempting to uninstall PGP Endpoint on Windows Vista using the Programs and Features Control Panel tool, an error message displays that the user does not have sufficient rights to uninstall the software. This occurs even when the user is logged in as an administrator.

This issue occurs when using the Deploy Tool on a Windows Vista system with UAC enabled that is not part of a domain or on a separate domain from the deployment system. A registry value on the Windows Vista system can affect administrators to not have full administrator rights on remote connections. Therefore, a remote administrator with restricted permissions is unable to uninstall the deployed PGP Endpoint software.

For local installations not using the Deploy Tool, the Windows Installer (MSI) installation sequence contains a user sequence and a server sequence. The user sequence of the setup performs actions that requires full admin rights e.g., (write/delete registry keys and values, extract files, and create/remove protected folders). When using the Programs and Features Control Panel tool, the uninstalltion fails due to insufficient user rights.

.

 


Solution



Deployment Tool Installations

To resolve the issue, the registry value LocalAccountTokenFilterPolicy must be set on the system to allow remote connections with full admin rights. The value may need to be added to the registry. The following steps detail how to edit the registry value and add the registry value when necessary.

 

Warning: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. For more information on backing up the registry see the following article on the Microsoft support site: How to back up and restore the registry


To Edit the registry value:

 

  1. Click Start>Run.
  2. Type regedit and click OK.
  3. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system folder.
  4. Right-click the LocalAccountTokenFilterPolicy value and click Modify.
  5. In the Value data field, type 1 and click OK.
  6. Close the Registry Editor.

To add the registry value:

 

  1. Click Start>Run.
  2. Type regedit and click OK.
  3. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system folder.
  4. Right-click the right pane, and select New>DWORD Value.
  5. Type LocalAccountTokenFilterPolicy for the new DWORD value and press Enter.
  6. Right-click the LocalAccountTokenFilterPolicy value and click Modify.
  7. In the Value data field, type 1 and click OK.
  8. Close the Registry Editor.

Local installations

For local installations of PGP Endpoint, the setup.exe must be used to install and uninstall the software on a Windows Vista system with UAC enabled. Using the setup installer is required to request full admin rights to UAC.

For more information on the User Account Control and remote restrictions in Windows Vista, click the following link for a Microsoft Support article.

Description of User Account Control and remote restrictions in Windows Vista

 



Legacy ID



966


Article URL http://www.symantec.com/docs/TECH149159


Terms of use for this information are found in Legal Notices