Service Account has been removed from the Symantec Administrators group denying access
| Article:TECH195782 | | | Created: 2012-08-29 | | | Updated: 2012-08-29 | | | Article URL http://www.symantec.com/docs/TECH195782 |
Problem
The SMP Service Account / Application Identity was accidently removed from the Symantec Administrators group, thus denying access to various parts of the console.
Error
Access Denied
You currently do not have sufficient network access rights to the Notification Server console.
Please contact your local area network administrator for further assistance.
Cause
The SMP Service Account / Application Identity had been accidently deleted from the Symantec Administrators group
Solution
NOTE: The following solution will only work if the "NT Authority\System" account is still a member of the Symantec Administrators group. You can confirm this by running the following SQL Query:
exec spGetDelayLoadRoleMembers @RoleGuid='2E1F478A-4986-4223-9D1E-B5920A63AB41',@TrusteeList=N'{2E1F478A-4986-4223-9D1E-B5920A63AB41}'
1) Download PSExec (http://technet.microsoft.com/en-us/sysinternals/bb897553)
2) Open CMD as an Administrator and then execute the following command:
PsExec.exe /s /i "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
This will launch Internet Explorer as the NT Authority/System account.
3) Navigate to the Altiris Console (http://localhost/altiris/console/) and then to the security role manager and re-add the Service Account to the Symantec Administrator group.
|
|
Article URL http://www.symantec.com/docs/TECH195782
Terms of use for this information are found in Legal Notices
Thank you.