XP2 SP2, Enterprise Security Client - Desktop + NAV

Hi,

I'm creating a SOE image for a new environment, utilising a fresh
install of Windows XP Service Pack 2, and the latest release of Norton
Anti Virus 9.0 client. I have encounted no problems at this point, and
can successfully logon and the NAV Tray icon is displayed in the
bottom right hand corner.

When I apply the Microsoft Enterprise Security - Desktop.inf template
from the Windows XP Security Guide V2 for SP2 to the local machine,
this appears to create problems with the tray icon from running. It
appears that the tray icon is normally launched from the run registry
key, however once the local security policy is applied this no longer
functions. Additionally, when logging on a window explorer drive box
is launched containing the path to the executable.

e.g The run command is c:\program files\symantec client\vptray.exe and
upon login the window box of c:\program files\symantec is launched on
the screen. However, if I change the path in the run box to Dos 8.3
format, the window no longer appears, however the tray icon/process
does not launch. (e.g c:\program~1\symant~1\vptray.exe)

I'm positive this a setting relating to the security template, however
changing these one by one I'm unable to remove the problem.
Additionally, if I create a shortcut to the .exe in the user's startup
folder the .exe launches successfully, indicating that the user has
permissions to launch the application.

Hopefully somebody can be of assistance.

lthompson@gmail.com (LT) wrote in message news:<ab0fa7d1.0410072259.25c0122f@posting.google.com>...
> Hi,
>
> I'm creating a SOE image for a new environment, utilising a fresh
> install of Windows XP Service Pack 2, and the latest release of Norton
> Anti Virus 9.0 client. I have encounted no problems at this point, and
> can successfully logon and the NAV Tray icon is displayed in the
> bottom right hand corner.
>
> When I apply the Microsoft Enterprise Security - Desktop.inf template
> from the Windows XP Security Guide V2 for SP2 to the local machine,
> this appears to create problems with the tray icon from running. It
> appears that the tray icon is normally launched from the run registry
> key, however once the local security policy is applied this no longer
> functions. Additionally, when logging on a window explorer drive box
> is launched containing the path to the executable.
>
> e.g The run command is c:\program files\symantec client\vptray.exe and
> upon login the window box of c:\program files\symantec is launched on
> the screen. However, if I change the path in the run box to Dos 8.3
> format, the window no longer appears, however the tray icon/process
> does not launch. (e.g c:\program~1\symant~1\vptray.exe)
>
> I'm positive this a setting relating to the security template, however
> changing these one by one I'm unable to remove the problem.
> Additionally, if I create a shortcut to the .exe in the user's startup
> folder the .exe launches successfully, indicating that the user has
> permissions to launch the application.
>
> Hopefully somebody can be of assistance.


Managed to fix this one myself. The Enterprise Security Template -
Desktop.inf has a entry to prevent the creation of DOS 8.3 short
filenames/paths on NTFS partitions, which seems to break the VPTray
from running from the run registry entry as it uses the default of
c:\progra~1\symantec antivirus\vptray.exe.

This was causing the folder c:\progra~1\symantec to open up and
VPTray.exe not to launch.

Workaround is enclose the run registry entry as "C:\program
files\symantec antivirus\vptray.exe" or remove the reg entry below.
Perhaps Symantec could fix their stuff also.

MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation=4,1