Client Management Suite

Hi,

I tried to install the Symantec Management Agent 7.0 on a Windows 7 machine using push method.

1. The AltirisAgentInstSrv.exe process does not start on the client end.

2.On the NS side it  shows status as "The network Path was not found".The Windows Firewall is disabled on the client machine. Kindly provide a resolution to this issue as we are stuck and not able to proceed further.

You can verify this by going to Start | Run (from the server) and simply typing in \\targetsystemname\admin$.  That's the share we try to connect to for installing the service.  If you can't see it in Windows, then neither can we, because we use the default windows provider service for mapping to that system.

Sometimes this can be resolved by putting in an IP addy instead of system name.  Sometimes it indicates issues with DNS or WINS.  Sometimes FQDN helps.  It all depends, but in essence, if you can't see if from the RUN line, then we wont either.

Does that make sense?

I got your point. Thanks. But how can we provide access to admin$ share. Please resolve this issue too.

Hi there!

The admin$ share is meant to be pointed at c:\windows\. If you have this share enabled you should be able to install software remotely.

We have 7000 clients. And i want to install the agent remotely on all clients. Maybe on some clients the admin$ share is not enabled. Is their a way to enable this for the whole domain? I mean via Active directory etc.

Or can I install the Agent on all 7000 clients irrespedtive of wheather the Admin $ share is enabled or not.?

Please help in resolving this....

Hi,

There are a couple of aspects to the Windows 7 security model which try to prevent elevated remote access (i.e. agent pushes),

1. UAC blocking elevated administrator tokens on file shares
2. Administration shares being disabled by default

The symptom of (1) above is that when you authenticate as an administrators group member to file share the access token you get is diminshed (the administrators group portion is removed from it). To resolve, turning off the UAC certainly works. There might be specific policies you can enable/disable though in the UAC myriad but I've not been able to determine the key policy here.

The symptom of (2) is that although you can access other shares on the target computer, you can't get access to the administrative ones, getting the error  "Network Path Not Found" in this case.  To resolve this open Regedit. Navigate to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System and create a new DWORD: LocalAccountTokenFilterPolicy with the Value of 1.

In short, you'll not be able push the agent on Windows 7 without first ensuring you tackle the above so you can be granted elevated access the windows folder remotely.

Hope this helps,
Ian./

You can get around blocks like this with logon scripts.  A "Pull" installation is just as valid as a push, though not quite as controlled.  A script that 1) sees if you have the agent and 2) if not pulls the install down will always run even with a lock-down in place on this share.  If you find that your corp policies prevent you from fixing the problem the other way, propose this as an alternative to what network admins might call a "security risk."