RU5 Upgrade question - prompts for uninstall password
This issue has been solved. See solution.
jwind
September 22nd, 2009
We are currently testing the recently released RU5 upgrade for SEP. We are upgrading from MR4MP2. When running the install manually on a client it prompts us for the uninstall password for MR4MP2. We enter the password and the upgrade continues fine.
However, is there a way to bypass the uninstall password so the upgrade can be pushed (via MS SCCM) silently. In the past just installing the latest version over the old version worked without prompting for the password.
Is there a MSI parameter that can be used?
Thanks,
Jon
Are the clients managed ? If
Are the clients managed ?
If yes you can disable the uninstall password from SEPM and update the policy on the clients and then you can push the package on to them
Prachand Kumar
MCSE-2003 Symantec Technical Specialist (SCTS)
Info
Greetings jwind,
See above.
Limited Users?
If your users are limited users (or only trusted people have admin rights), then I'd suggest leaving the password to uninstall off so you don't run into this in the future. If a user has admin rights and is knowlegable, they could get SEP off the machine anyway.
If many of your users are admin rights, then you probably still want to keep the uninstall password active.
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
University of Northern Iowa
Not good enough
In our company we are using SCCM to deploy SEP Clients. Deployment is done silently. Please tell me how to deploy RU5 without disabling password requirement in policies. If this is not possible this must be fixed in the next version of SEP.
Michael Knudsen
Head of Corporate IT Security and Policies
GEA Group
Same here, we have quite a
Same here, we have quite a few users that are are administrators on their machines. Because of this disabling the uninstall password is not an option.
Why was this changed for RU5? This make it a pain to silently upgrade when using anything but the SEP console for upgrades.
Is there a way to upgrade silently with an uninstall password configured?
Thanks,
Jon
Agree.. not good enough
There needs to be a better way without disabling password requirement in policy...
One solution
Using below options makes upgrade possible without any password prompting:
Setup.exe /s /v" /qn REBOOT=ReallySuppress RUNLIVEUPDATE=0"
Works
using /qn instead of /qb! works great. User's won't see the progress bar, but I can live with that.
Thanks.
I'll try the above
We currently use /qb! when running, but I'll try /qn and see what happens.
Thanks for the advice,
Jon
You guys that have the
You guys that have the uninstall password enabled, are you seeing the old SEP entry in add/remove?
See this thread
https://www-secure.symantec.com/connect/forums/ru5...
Yes and no... If I installed
Yes and no... If I installed using /qb! and then cancelled when the uninstall password came up I would get 2 installs of SEP in add/remove programs. I also noticed if I cancelled the install at the uninstall password prompt RU5 would actually be installed/updated.
When I install over an existing install with /qn as an MSI parameter I do not get 2 entries.
--Jon
Let's flip this around...
So does that mean if a (malicious) user wanted to uninstall SEP that an "msiexec /x /qn (symantec msi or product code)" could remove it without the password? ie the password is only part of the gui portion of the msi?
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
University of Northern Iowa
Uninstalling with /qn
I tested this a few days back... removing with msiexec /x /qn and the removal fails with a status code of 1602. So in short you cannot remove without the password but can upgrade.
--Jon
sigh. another classic
sigh. another classic monkeywrench thrown in by Symantec.
I've been upgrading Symantec Antivirus since 7.01 and this is the first time I've had this password prompt to remove the previous version of symantec during a upgrade.
Even now it doesn't manage to fail consistantly. Only some of the systems I'm upgrading have this problem.
I'm a bit confused by the proposed solution. I am using the setup.exe packaged by sepm. Is the thing to do rebuild that with client install settings set to silent?
Would you like to reply?
Login or Register to post your comment.