Cameron T. wrote: Re: the article about Pushing out Symantec AntiVirus Corporate Edition 10.0, I like the idea of deploying via SAV 10’s client remote install, however, when I select the desired workstations the process won’t continue because it demands the administrator login and password of the local domain the workstation belongs to, but our environment does not have domains. I tried typing the local administrator account and password but this was unrecognised. Any ideas?
OPEN CALL: Anyone have any suggestions for Cameron? Let us know.
- Christopher Farkas
- Chris Williams
- Mario Haven
- Eric Ho
- Sami Kapanen
- Garrett M. Pichler
- Matthew Barclay
- Robert Parlett
- Bengt Bäckström
Did you try the format of Computername\Username?
I still run in an NT domain structure and don’t have all my servers in
the Domain and that normally works for me. Also, try creating the same
user name and PW on all your PCs, that way, when the application checks
for username/pw, it will fool it into thinking that it’s a domain good on
I’ve had exactly the same problem with SAV versions 9 & 10. In my case about 90% of the machines would work using local administrator, but the other 10% wouldn’t. It sometimes helped to ensure that the target machine was powered on and a user was logged in when I attempted the remote install.
Another thing that helped was to import a list of IP addresses into the SAV install utility instead of using the built-in network browser.
After these work-arounds, I usually got about 98% installed remotely, the rest I had to do manually (or via remote control).
I have pushed out more than 1000 SAV Clients to our Windows machines over ZENworks, using the .MSI and a customized .MST File and it’s working great.
If you want to install the clients remotely, using the Symantec console, you don’t need a domain for client access. Simply create a TXT file that holds the IP addresses of your workstations. Inside the Symantec Remote Install Windows mark your primary server, then use the Import button and select your TXT File. As a login, use Workgroup/administrator (sometimes the Administrator only is not working, however Symantec knows the bug ) and your password. This should work.
Try the Symantec System Center Console. It is so easy to remotely
install the client to remote workstations. From its Client Remote Install
tool, you pick the workstation which you would like to deploy the client
to, and key in local administrator password once. Then the job is done.
The only problem I have encountered is that I have to record those
workstations which were offline while I was deploying the client. Then when
they are back online I deploy the client over again.
Another easy way is using the ZENworks Application object. Configure it as
- Create MSI object
- Select Force run, Once.
- Select No user interaction.
- Make it available for offline users
- Run as system user.
- Use the availability to check the SAV client Version in registry.
That’s it. Hope it helps. Good luck.
SAV Remote Install does work with the Windows local Administrator account & password, we don’t have domains either. But it requires other things too:
If you can access the shares, you can RemoteInstall SAV, so try:
net use * \\workstation\c$
See Symantec Support for more information.
The reason for getting the administrator login and password box is that Windows Firewall is enabled. The simple solution is to disable Windows Firewall and then try to push it from the SAV remote install console. You can also try to open the ports for SAV in Windows Firewall. Check this out.
(Side Note: I have not had much luck with opening the ports and getting them to install correctly.)
After you have done the push, re-enable Windows Firewall on the workstations.
My company is pushing out SAV via the Symantec Remote Client Install
feature. While setting it up, we ran into the same issue that you are
talking about, asking for the un/pw/domain when you select a
workstation. It is a port issue.
You need to open 2967 TCP and 139 TCP
on your routers. The ports need to be opened from the subnet where SSC is
running, to any subnets containing clients that you want to perform
remote install on. You will also need to open the ports on the Windows
Firewall on the client computers. We did this via a Novell login
We never got the Remote install feature to work with PCs that were not
on the domain, but it works great for clients that are on a domain.
Symantec’s Remote Client Install tool is nice if you have an AD Domain, but since you don’t have one I’m pretty sure you’re Sorta Outta Luck. Since you’ve read the Pushing out Symantec AntiVirus Corporate Edition 10.0 article, why don’t you try one of those suggestions instead?
You could also try to do it the Symantec way with the container login script and the SymantecAntivirusUser group. As per the SAV installation manual:
Configuring automatic client installations from
If you have a Novell NetWare server, but no Windows workstations on which to
run the Symantec System Center, you can configure Symantec AntiVirus to install
automatically on your Windows clients.
To configure automatic client installations from NetWare servers
- Add users to the SymantecAntiVirusUser group using Nwadmin32 or
- On the server console, load Vpregedt.nlm.
- Click (O)pen.
- Click VirusProtect6.
- Press Enter.
- Click (O)pen again, click LoginOptions, and then press Enter.
- In the left pane of the window, click (E)dit to edit values.
- Click DoInstallOnWin95, and then select one of the following:
- OPTIONAL: Prompts the user whether to start the installation.
- FORCE: Silently starts the installation.
- NONE: Do not install.
These entries are case-sensitive.
- If you previously installed clients and need to force a new update, increment
the WinNTClientVersion to a higher number.
- Unload the Symantec AntiVirus NLM from the NetWare server.
- Type the following command to reload the NLM:
- Test the client installation by logging on as a member of the
SymantecAntiVirusUser group from a Novell NetWare client.
Also, you’ll need to make sure that the container login script is added to whatever container your users are in. This is the container script I pulled from the SAV 10.0 install CD’s install.ini. This needs to be cleaned up a bit i.e. replace the $FILE_SERVER$ strings with your SAV server’s name and replace the “.CN=SymantecAntiVirusUser.$OU$ string with the right context:
IF MEMBER OF ".CN=SymantecAntiVirusUser.$OU$" THEN MAP INS S1:=$FILE_SERVER$\SYS:\LOGIN\NAV IF "%OS" = "WIN95" OR "%OS" = "WIN98" THEN #VP_Log32 /p=\\$FILE_SERVER$\SYS\LOGIN\NAV ELSE #OSVER IF "%ERROR_LEVEL" = "1" THEN ; Not Client 32 -- do normal DOS things ; #PUSHPOP +T \\$FILE_SERVER$\SYS\LOGIN\NAV\VPTEMP ; MAP T:=$FILE_SERVER$\SYS: ; #LOGINVER ; #VP_Log16 /p=T:LOGIN\NAV /l=$LANG_ID$ /n="%ERROR_LEVEL" ; IF "%ERROR_LEVEL" = "1" THEN ; #TSRINIT /Q T:\LOGIN\SAV\VPSCAN16.BAT T:\LOGIN\NAV ; #TSRINIT /Q \\$FILE_SERVER$\SYS\LOGIN\NAV\PUSHPOP -T: \\$FILE_SERVER$\SYS\LOGIN\NAV\VPTEMP ; ELSE ; #PUSHPOP -T: \\$FILE_SERVER$\SYS\LOGIN\NAV\VPTEMP ; END ELSE ; In case it is Client 32 on Windows 3.1 IF "%ERROR_LEVEL"="3" OR "%ERROR_LEVEL"="2" OR "%ERROR_LEVEL"="17" THEN #\\$FILE_SERVER$\SYS\LOGIN\NAV\OSVER IF "%ERROR_LEVEL" = "1" THEN ; It is Client 32 on Windows 3.1 ; #PUSHPOP +T \\$FILE_SERVER$\SYS\LOGIN\NAV\VPTEMP ; MAP T:=$FILE_SERVER$\SYS: ; #VP_Log16 /p=T:LOGIN\NAV /l=enu /n="4" ; #VPSCAN16.BAT T:\LOGIN\NAV ; #TSRINIT /Q \\$FILE_SERVER$\SYS\LOGIN\NAV\PUSHPOP -T: \\$FILE_SERVER$\SYS\LOGIN\NAV\VPTEMP ELSE #VP_Log32 /p=\\$FILE_SERVER$\SYS\LOGIN\NAV END END END END MAP DEL S1: END
I’ve done it this way with SAV 7.x and 8.x, however it’s been a while so I can’t guarantee anything.
Create a simple application object and point it to the setup.exe with the settings “Setup.exe /S /v/qn” and the installation will go smoothly. Make sure to run it as unsecure system user and you should be home free.