Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Endpoint Management Community Blog
Showing posts tagged with 7.x
Showing posts in English
Darrell Elmore | 24 Aug 2012 | 0 comments

Problem

It seems that the Install Endpoint Protection task fails for some but not all computers.

Solution

  1. Go to the installation package located under D:\Program Files\Altiris\Notification Server\NSCap\bin\Win32\x86\Symantec Endpoint Protection\Install Package or D:\Program Files\Altiris\Notification Server\NSCap\bin\Win64\x64\Symantec Endpoint Protection\Install Package
  2. Open the InstallSEP_<Package Name>.vbs file
  3. Make the following changes

Change: WshShell.Run <Package Name>.exe, HIDE_WINDOW, WAIT_ON_RETURN

To:  sCurrPath = CreateObject("Scripting.FileSystemObject").GetAbsolutePathName(".")

WshShell.Run chr(34) + sCurrPath + "\<Package Name>.exe" + chr(34), HIDE_WINDOW, WAIT_ON_RETURN

In my case this seemed to have fixed my...

stebro | 21 Aug 2012 | 0 comments

One of the first challenges an organization faces when deciding to remove end-user administrator rights is determining what applications require such rights. Many times the approach is to remove administrator rights, see who complains and add those users back to the administrators group. Over time, large chunks of an organization still have administrator rights due to applications that are not compatible when run as a standard user. Let’s look at how this can be addressed.

There are four application types that typically require administrator rights:

  • System Utilities: Some of these utilities make sense to restrict from standard users including computer management, turning Windows features on or off, or allowing remote access. Others such as the Disk Defragmenter, changing the system time, or adding language packs may be appropriate
  • Installers: Most installers will not run by a standard user. There are some installer exceptions that will still...
ianatkin | 08 Aug 2012 | 0 comments

As I keep forgetting where the Dell driver cabs are, I thought that I should document it somewhere.... ;-)

http://en.community.dell.com/techcenter/enterprise-client/w/wiki/2065.dell-driver-cab-files-for-enterprise-client-os-deployment.aspx

For those of you out there that download drivers by going through the Dell support website, you'll find these CABs a dream. All the drivers for your model in one place. I generally just do an inf search through the folder structure, looking for the Device ID I need.

stebro | 02 Aug 2012 | 0 comments

Windows 7 migrations are in full force with Windows 8 on the horizon. One of the many challenges is addressing application compatibility and security. Arellia will be hosting a webcast to learn about issues related to moving legacy applications to Windows 7 or 8 and how to make those applications compatible and secure. Arellia is integrated with the Symantec Management Platform and sold through Symantec.

Register for the webcast

Ludovic Ferre | 28 Jul 2012 | 0 comments

This week was pretty much replication week for me.

I'll cover a few topics on this blog but today we will look at the Package Replication part and the implications it has for UNC base packages.

When a SMP is refreshing it software packages it does a few check that relate to the package source type, as they are handle differently: local, unc or http sources.

It also verifies whether the package is local or replicated from another server. In the later case, and for UNC package the refresh will no generate any snapshot nor any codebases for the server.

One of the cases this week came a partner had tested successfully the following scenario in their lab: Server A is the master SMP and replicates (via standalone replication) a set of DSL packages (thus UNC based) to Server B (and other 'slave' SMP's). Packages from Server B where able to download the DSL packages without any problems.

But as per the package snapshot and codebase...

Ludovic Ferre | 28 Jul 2012 | 0 comments

This week I had a remote session to help a customer troubleshoot SQL Connectigvity issues. This was a ressurgence of an hold issue, namely the Client Message Dispatcher service would throw regular errors indicating that the Sql Connection is not available or was closed.

The customer had migrated from a local SQL instance to a remote SQL Server (which had multiple benefits, including the switch to a 64-bit platform there) and the problem was apparantly resolved. However it came back this week, so we took a fresh look at it.

First we needed to instrument the Client Message Dispatcher, to acertain whether the issue was really impacting or not. If you are a regular reader of my blog post you will know what my standard answer to these kind of issues is: Altiris Profiler.

Only that the profiler would throw an exception on invokation, of type Cryptographic ... We solved that one issue thanks to Google and the Symantec KB, by simply crafting a new Sql Connection string...

Ludovic Ferre | 23 Jul 2012 | 2 comments

I have struggle a bit with my preferred tool to understand where the profiling data is stored these days, as it has changed quite a bit from the initial release of the tool in version 6.0 SP3 (this dates by quite a bit now).

It started a few month ago when one of my customer had some issues. We noticed that clearing the profiler was very slow. Going at data rates of just a MiB per second.

I was trying to locate the buffer files, as the profiler versions early from 7.1 used to store the data in a zero-impact buffer file. But this was not yielding any results. I could see from the Windows folder some temp files being written but not much else.

It continued with another customer last week, and today whilst I was opening a 16GiB buffer file it all came clear. I started by cleaning up a local drive to have enough space to old the file and do a local import. After copying the full file at a rate of 375 Mbps (still it took ~10 minutes) I thought I had done most of the...

Terry Cutler | 19 Jul 2012 | 0 comments

In preparing for some future events and training courses, a request was made to easily reset the client systems to original state.

 

A little bit of background - the "Reset" required each individual client's hardware to be reimaged back to original state. No virtual machines on the client (long story why this requirement... but know that each client's "start state" is unique).

 

I took a simple approach - reimage for the operating system partition using a locally stored image. To initiate the process, use the IDE-Redirection capability of Intel vPro Technology delivering a scripted bootable ISO image to the client.

 

A few additional steps were needed - ensuring a separate partition was large enough to store the "backup" image,...

Ludovic Ferre | 18 Jul 2012 | 0 comments

I have collected Symantec.pl.xml files since the beta in February 2009 and have a repository of 2.5 GiB of XML here at home. I am not devoting much time to the task to be completely honnest, as a shell script take care of verifying if a new file is available every 5 minutes.

I have also crafted a few (Linux) utilities to get some information out of the xml files. The first one was just a file cleaner that hanlded the task of clearing the pl.xml from any localisation. I never made much use of it, however it was of great help when I discussed with the product team improvments that later came to the prioduct listing and how the Symantec Install Manager handles it (first a compressed version of the file and then a langaue agnostic version). The second utility is still in use scrapes package related data from the xml, and crafts a mirror tree of the SolutionSam site. It even has the feature to copy MSI files to the correct location if they are in the same folder as the tool....

Ludovic Ferre | 13 Jul 2012 | 3 comments

If you have followed the Package Server saga [1][2] on my Connect Blog you will be happy to hear that we got it all working today, but not without a last twist, that takes us to this blog post subject.

In this customer the SMP and Site Servers do not have access to the Internet. This is a not a real problem for our products however it (the lack of Internet access) has one major impact related to a security feature of the Microsoft .Net framework that I will resume in three points:

Assembly signing, assembly loading and CRL.

To ensure that .Net code is globally and securely accessible on a workstation (i.e. for an assembly/dll to be stored in the Global Assembly Cache - also known as the GAC) Microsoft enforces assembly signing. This means the assemblies are protected against tampering.

Now comes assembly loading. In our products we use code that is shared amongst many part of the product. This code leaves in DLL that...