Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 2751 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Protect Computers try to install with Account <Computername>$

David Do Van

Hello Community,

We use a new SEC and had a lot of 80070002 Errors when trying to protect Computers. While having a look at the fsmgmt.msc on our Fileserver I noticed, that It didnt try to acces the network share as <administrator account> or SophosUptMgr, but as <Computername>$. Which caused the installation to fail. Is this normal behaviour?



This thread was automatically locked due to age.
Parents
  • +1

    Hello David Do Van,

    Protect Computers asks for an account which is used to access the remote computer, create a scheduled task running under this account, and access the specified share/CID. Guess it is normal behaviour of the Windows APIs the Task Scheduler uses. If Protect works on some computers but not on others it's not a general problem with the share though as shown in the article for 80070002.
    Is this an AD environment and did you use a Domain Admin? Can you run setup.exe "manually" from an elevated command window one of the problem machines? 

    Christian   

  • 0 in reply to QC

    Hello QC,

    Yes it is an AD environment and I had to use ->The<- Domain Administrator because my boss wanted it. And Yes I can install the Endpoint by hand, but that would disturbed the users workflow. I guess, since it is not a critical behaviour it would be easiest to give domain computers read rights to the share.

     

    Cheers, David Do Van

Reply
  • 0 in reply to QC

    Hello QC,

    Yes it is an AD environment and I had to use ->The<- Domain Administrator because my boss wanted it. And Yes I can install the Endpoint by hand, but that would disturbed the users workflow. I guess, since it is not a critical behaviour it would be easiest to give domain computers read rights to the share.

     

    Cheers, David Do Van

Children
  • 0 in reply to David Do Van

    Hello David Do Van,

    it might be an obscure security setting that at some point breaks the workflow. by hand would be setup.exe with the switches from an elevated command prompt running in a logon session of the admin account. But IIRC I had cases where the scheduled task ran but not as expected (i.e. the network login nevertheless failed).

    If it works with read rights for the computer accounts (which aren't really a security risk) then fine (and it'd make the Task Scheduler a suspect). You are aware that Protect is just one way to install, aren't you?

    Christian

  • 0 in reply to QC

    Yes I know I cann roll out per Script or by hand. But by hand it disturbes the user and Startup Script would slow down logins for a while. So protect is my actual way to go.

Unfiltered HTML