Vista - Administrator account with *full* rights?

The short question: Why does my Administrator account not have full rights?
Is there a way to creat a new Administrator account with *full* rights to
everything - no diminished rights whatsoever?

Background:
The new Symantec Corporate 10.2 antivirus requires a full administrator
account to install. Otherwise it tries to start the services at the very end
of the install and they fails, rolls back the install ans says it was
terminated before installation.

The local administrator account is disabled by default in Vista, so says the
SAV technition I talked to. We found that it was and I was able to install
on my machine *once*.

I attempted to use the GRC.DAT file to make SAV 10.2 become managed and
could not find a way to do it (the location where you put the file in XP is
no longer in Vista!).

So, I uninstalled and attempted to reinstall as I had done before. It
failed.

I have made zero changes to the rights of the local administrator, but it
fails on the installation, as above.

I really don't want to spend yet another *three hours* (Yes, 3 hours!) on
hold for a Symantec rep, so I am trying to get an answer to this question
about the local administrator account rights.

Well - it isn't what it appears. And the SAV support guy isn't right, at
least in all cases. I did some more experimentation and found that SAV 10.2
wouldn't install in *managed* mode, but *will* install in unmanaged mode.

Sigh. Another long wait on hold. Symantec's support really stinks right
now!!

I wonder if Microsoft's new A-Vofferings will have better support?

"Bill Hobson" <Ihatespamb-hobson@tamu.edu> wrote in message
news:952D6949-B4D8-42AB-8CA9-87DDE0B8C660@microsoft.com...
> The short question: Why does my Administrator account not have full
> rights?
> Is there a way to creat a new Administrator account with *full* rights to
> everything - no diminished rights whatsoever?
>
> Background:
> The new Symantec Corporate 10.2 antivirus requires a full administrator
> account to install. Otherwise it tries to start the services at the very
> end of the install and they fails, rolls back the install ans says it was
> terminated before installation.
>
> The local administrator account is disabled by default in Vista, so says
> the SAV technition I talked to. We found that it was and I was able to
> install on my machine *once*.
>
> I attempted to use the GRC.DAT file to make SAV 10.2 become managed and
> could not find a way to do it (the location where you put the file in XP
> is no longer in Vista!).
>
> So, I uninstalled and attempted to reinstall as I had done before. It
> failed.
>
> I have made zero changes to the rights of the local administrator, but it
> fails on the installation, as above.
>
> I really don't want to spend yet another *three hours* (Yes, 3 hours!) on
> hold for a Symantec rep, so I am trying to get an answer to this question
> about the local administrator account rights.

Bill Hobson wrote:
> Well - it isn't what it appears. And the SAV support guy isn't right,
> at least in all cases. I did some more experimentation and found that
> SAV 10.2 wouldn't install in *managed* mode, but *will* install in
> unmanaged mode.
> Sigh. Another long wait on hold. Symantec's support really stinks
> right now!!
>
> I wonder if Microsoft's new A-Vofferings will have better support?

Just about any AV company will have better offerings than Symantec.

That's odd. I was able to install 10.2 with "my" adminstrator account (i.e.
not "administrator"). I installed on my work domain PC in managed mode, and
it had no trouble installing or communicating with the parent server. I
also installed unmanaged on a standalone PC unmanaged, and that went fine as
well.

Did you select the option to disable Windows Defender?

One side note, I do have UAC turned off, so perhaps try turning that off
temporarily and then installing? It's worth a shot.
--
"Hurricane" Andrew

"Bill Hobson" <Ihatespamb-hobson@tamu.edu> wrote in message
news:OrU78DkGHHA.1468@TK2MSFTNGP04.phx.gbl...
> Well - it isn't what it appears. And the SAV support guy isn't right, at
> least in all cases. I did some more experimentation and found that SAV
> 10.2 wouldn't install in *managed* mode, but *will* install in unmanaged
> mode.
>
> Sigh. Another long wait on hold. Symantec's support really stinks right
> now!!
>
> I wonder if Microsoft's new A-Vofferings will have better support?
>
> "Bill Hobson" <Ihatespamb-hobson@tamu.edu> wrote in message
> news:952D6949-B4D8-42AB-8CA9-87DDE0B8C660@microsoft.com...
>> The short question: Why does my Administrator account not have full
>> rights?
>> Is there a way to creat a new Administrator account with *full* rights to
>> everything - no diminished rights whatsoever?
>>
>> Background:
>> The new Symantec Corporate 10.2 antivirus requires a full administrator
>> account to install. Otherwise it tries to start the services at the very
>> end of the install and they fails, rolls back the install ans says it was
>> terminated before installation.
>>
>> The local administrator account is disabled by default in Vista, so says
>> the SAV technition I talked to. We found that it was and I was able to
>> install on my machine *once*.
>>
>> I attempted to use the GRC.DAT file to make SAV 10.2 become managed and
>> could not find a way to do it (the location where you put the file in XP
>> is no longer in Vista!).
>>
>> So, I uninstalled and attempted to reinstall as I had done before. It
>> failed.
>>
>> I have made zero changes to the rights of the local administrator, but it
>> fails on the installation, as above.
>>
>> I really don't want to spend yet another *three hours* (Yes, 3 hours!) on
>> hold for a Symantec rep, so I am trying to get an answer to this question
>> about the local administrator account rights.
>

"Robert Moir" <robspamtrap@gmail.com> wrote in message
news:u2rWBZkGHHA.1248@TK2MSFTNGP03.phx.gbl...
> Bill Hobson wrote:
>> Well - it isn't what it appears. And the SAV support guy isn't right,
>> at least in all cases. I did some more experimentation and found that
>> SAV 10.2 wouldn't install in *managed* mode, but *will* install in
>> unmanaged mode.
>> Sigh. Another long wait on hold. Symantec's support really stinks
>> right now!!
>>
>> I wonder if Microsoft's new A-Vofferings will have better support?
>
> Just about any AV company will have better offerings than Symantec.

That's a matter of opinion. One that I disagree with. I do admit that
there are some AV companies that have offerings that are competitive with
Symantec's. In my experience, particularly in a managed network setting,
it's tough to top Symantec's level of protection, ease of deployment,
manageability, and flexibility. On a stand-alone basis, it's far easier.


--
"Hurricane" Andrew

The fact that you turned UAC off is why it worked, it means you didn't
have bumper guards on. The Symantec install should be smart enough to
ask for escalation when someone is running UAC, I would expect that much
out of such a large company who is allegedly dedicated to security.

Another way that likely would have worked would have been to open an
escalated command prompt and then fire the executable via command line
from there. I do that all of the time with UAC enabled and haven't seen
an issue with it for those apps that are older or from smaller
companies. Larger companies like Symantec I would beat mercilessly to
get them to fix their crap. There is little reason why something they
have released in the last 6-12 months shouldn't work with UAC.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Hurricane Andrew wrote:
>
> That's odd. I was able to install 10.2 with "my" adminstrator account
> (i.e. not "administrator"). I installed on my work domain PC in managed
> mode, and it had no trouble installing or communicating with the parent
> server. I also installed unmanaged on a standalone PC unmanaged, and
> that went fine as well.
>
> Did you select the option to disable Windows Defender?
>
> One side note, I do have UAC turned off, so perhaps try turning that off
> temporarily and then installing? It's worth a shot.

Hurricane Andrew wrote:

> That's a matter of opinion.

Indeed.

> One that I disagree with. I do admit
> that there are some AV companies that have offerings that are
> competitive with Symantec's. In my experience, particularly in a
> managed network setting, it's tough to top Symantec's level of
> protection, ease of deployment, manageability, and flexibility.

On paper they have a top product in these areas, and they are surely
important on a network; the best virus scanner in the world does you no good
if it's in a dusty box under the system admin's desk because its just too
complex to install it.

In practice, in my experience, problems and poor supported as related by the
post here let them down. But as you say, very much down to opinion.

Place Syamntec Anything in your local round file ... or send it back for a
refund and get NOD32 . Microsofts OneCare system is also Very good.

Gary

"Bill Hobson" <Ihatespamb-hobson@tamu.edu> wrote in message
news:OrU78DkGHHA.1468@TK2MSFTNGP04.phx.gbl...
> Well - it isn't what it appears. And the SAV support guy isn't right, at
> least in all cases. I did some more experimentation and found that SAV
> 10.2 wouldn't install in *managed* mode, but *will* install in unmanaged
> mode.
>
> Sigh. Another long wait on hold. Symantec's support really stinks right
> now!!
>
> I wonder if Microsoft's new A-Vofferings will have better support?
>
> "Bill Hobson" <Ihatespamb-hobson@tamu.edu> wrote in message
> news:952D6949-B4D8-42AB-8CA9-87DDE0B8C660@microsoft.com...
>> The short question: Why does my Administrator account not have full
>> rights?
>> Is there a way to creat a new Administrator account with *full* rights to
>> everything - no diminished rights whatsoever?
>>
>> Background:
>> The new Symantec Corporate 10.2 antivirus requires a full administrator
>> account to install. Otherwise it tries to start the services at the very
>> end of the install and they fails, rolls back the install ans says it was
>> terminated before installation.
>>
>> The local administrator account is disabled by default in Vista, so says
>> the SAV technition I talked to. We found that it was and I was able to
>> install on my machine *once*.
>>
>> I attempted to use the GRC.DAT file to make SAV 10.2 become managed and
>> could not find a way to do it (the location where you put the file in XP
>> is no longer in Vista!).
>>
>> So, I uninstalled and attempted to reinstall as I had done before. It
>> failed.
>>
>> I have made zero changes to the rights of the local administrator, but it
>> fails on the installation, as above.
>>
>> I really don't want to spend yet another *three hours* (Yes, 3 hours!) on
>> hold for a Symantec rep, so I am trying to get an answer to this question
>> about the local administrator account rights.
>

Several things to mention here:
1) Defender was off when I tried to install.
2) The company we buy Symantec from was informed of the support woes I had
and passed it on to my sales rep from Symantec (whom I didn't know and could
not find out from Symantec, BTW) called me and got started on the issues I
had. She gave me her office and cell numbers in case I had any problems
getting a response to my questions.
3) The OFFICIAL ANSWER (drum roll please) is that 10.2 client will not be
supported in managed mode until the release of the server 10.2 version.
4) And finally, the reason SYmantec support stinks right now is because of
the attempted integration of Veritas - the web site (MySupport) support is
broken, so don't expect answers that way for now until they get that
working.

"Hurricane Andrew" <hurricane_andrew@verizon_nospam.net> wrote in message
news:u5K%23DzuGHHA.3540@TK2MSFTNGP02.phx.gbl...
>
> That's odd. I was able to install 10.2 with "my" adminstrator account
> (i.e. not "administrator"). I installed on my work domain PC in managed
> mode, and it had no trouble installing or communicating with the parent
> server. I also installed unmanaged on a standalone PC unmanaged, and that
> went fine as well.
>
> Did you select the option to disable Windows Defender?
>
> One side note, I do have UAC turned off, so perhaps try turning that off
> temporarily and then installing? It's worth a shot.
> --
> "Hurricane" Andrew

<Major SNIP>