Service Account has been removed from the Symantec Administrators group denying access

Article:TECH195782  |  Created: 2012-08-28  |  Updated: 2012-08-28  |  Article URL http://www.symantec.com/docs/TECH195782
Article Type
Technical Solution


Environment

Issue



The SMP Service Account / Application Identity was accidently removed from the Symantec Administrators group, thus denying access to various parts of the console.


Error



Access Denied
You currently do not have sufficient network access rights to the Notification Server console.
Please contact your local area network administrator for further assistance.


Cause



The SMP  Service Account / Application Identity had been accidently deleted from the Symantec Administrators group


Solution



NOTE:  The following solution will only work if the "NT Authority\System" account is still a member of the Symantec Administrators group. You can confirm this by running the following SQL  Query:

 

exec spGetDelayLoadRoleMembers @RoleGuid='2E1F478A-4986-4223-9D1E-B5920A63AB41',@TrusteeList=N'{2E1F478A-4986-4223-9D1E-B5920A63AB41}'

 

1) Download PSExec (http://technet.microsoft.com/en-us/sysinternals/bb897553)
2) Open CMD as an Administrator and then execute the following command:

PsExec.exe /s /i "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

This will launch Internet Explorer as the NT Authority/System account.

3) Navigate to the Altiris Console (http://localhost/altiris/console/) and then to the security role manager and re-add the Service Account to the Symantec Administrator group.




Article URL http://www.symantec.com/docs/TECH195782


Terms of use for this information are found in Legal Notices