Endpoint Protection

 View Only

  • 1.  SEP on 2003 Terminal Services causing ntuser.dat problems

    Posted Jan 22, 2010 01:07 PM
    Hi all,

    We're having some problems with SEP locking each user's NTUSER.DAT file in Terminal Services. End result is, without rebooting the server, the user's cannot login the next day because the registry hive is still "open."  We've installed the User Profile Hive Cleanup Service from Microsoft and added the executable to the exceptions list. (We still get the tamper protection warnings though.) However, we're still stuck on nightly reboots. Anyone fixed this?


  • 2.  RE: SEP on 2003 Terminal Services causing ntuser.dat problems

    Posted Jan 22, 2010 02:53 PM

    Did you install it follwing the directions in Symantec's Terminal Server and Citrix Best Practices White Paper?

    What version of SEP are you on? From that somewhat old doc, you should be on at least MR3.

    Ray



  • 3.  RE: SEP on 2003 Terminal Services causing ntuser.dat problems

    Posted Jan 22, 2010 03:34 PM
    It was installed in console mode with the local administrator account as an unmanaged client. We also had a fair few problems wth SEP locking up the print spooler folder initially as well.

    Version is SEP 11.04


  • 4.  RE: SEP on 2003 Terminal Services causing ntuser.dat problems

    Posted Jan 22, 2010 03:40 PM
    Sorry, MR4. Got cut off. I did check the forums as well and the accepted solution is to add NTUSER.DAT to the exceptions list? That seems like a terrible idea.

    According to this, MR4-MP2 did not actually correct this problem:
    https://www-secure.symantec.com/connect/forums/endpoint-protection-stopping-users-reciving-there-windows-profiles



  • 5.  RE: SEP on 2003 Terminal Services causing ntuser.dat problems

    Posted Jan 22, 2010 03:43 PM
    And adding the wildcard %userprofile%\ntuser.dat to the exceptions gives me some bizarre message about the file being in use.


  • 6.  RE: SEP on 2003 Terminal Services causing ntuser.dat problems



  • 7.  RE: SEP on 2003 Terminal Services causing ntuser.dat problems

    Posted Jan 22, 2010 03:53 PM
    Vikram, I did mention this above so your post is not new information. That second link is the one I already posted. And the one on top is almost identical information.

    But I don't know that it's crossed anyone's mind that NTUSER.DAT is HKCU? So by excluding it, does that also exclude SEP from detecting registry tampering for that user?


  • 8.  RE: SEP on 2003 Terminal Services causing ntuser.dat problems

    Posted Jan 23, 2010 06:56 AM
    In the server first you confirm that the exclusion is got affected. Below doc can help you in this

    How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory