administrative rights and Norton AntiVirus

[Bill]

We are deploying laptops with WinXP that will not have a
connection to our network or to the internet. Each laptop
will have Norton AntiVirus installed. We plan on updating
virus definitions via CD-ROM. Updating the virus
definitions each laptop requires administrative rights.
The users will not have these rights. Is there a way of
updating the virus definitions without giving the users
administrative rights?

 

[Paul [MSFT]]

Hi Bill,

Regarding your post:
--------------------
| From: "Bill" <[email protected]>
| Subject: administrative rights and Norton AntiVirus
| Date: Fri, 16 Jan 2004 13:52:31 -0800
|
| We are deploying laptops with WinXP that will not have a
| connection to our network or to the internet. Each laptop
| will have Norton AntiVirus installed. We plan on updating
| virus definitions via CD-ROM. Updating the virus
| definitions each laptop requires administrative rights.
| The users will not have these rights. Is there a way of
| updating the virus definitions without giving the users
| administrative rights?
|

Here are a couple of references from the Norton/Symantec support site:

Permissions required to run Norton AntiVirus using
a User Account - Norton Antivirus 2002:
http://service1.symantec.com/SUPPORT/nav.nsf/b69c799adfa31ecc85256aa30052f4d
0/55ac021be2c1c98185256a390065af86?OpenDocument&prod=&ver=&src=sg&pcode=&svy
=&csm=no

Norton KB Results on Issues with User Accounts:
http://search.symantec.com/custom/us/techsupp/kb/query.html?prod=&qt=definit
ions+%22local+administrator%22&ver=&col=kb&qp=product%3A%22Norton+AntiVirus%
22&stg=&base=&next=&sone=&miniver=&st=22&nh=7&lk=1&rf=0&src=sg&pcode=&svy=&t
askquery=&boolean=&action=

Another thing you might explore is Norton/Symantec's Intellegent Updater:
http://service1.symantec.com/SUPPORT/nav.nsf/docid/1998082013035306?Open&src
=sg&docid=1999100611180006&nsf=nav.nsf&view=df0a595864594c86852567ac0063608c
&dtype=&prod=&ver=&osv=&osv_lvl=

DISCLAIMERS:

The third-party contact information included in this post is provided
to help you find the technical support you need. This contact information
is subject to change without notice. Microsoft in no way guarantees the
accuracy of this third-party contact information.

The third-party products discussed here are manufactured by vendors
independent of Microsoft; we make no warranty, implied or otherwise,
regarding these products' performance or reliability.

=========
This posting is provided "AS IS" with no warranties, and confers no rights.

Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp

Windows 2000 Security Homepage:
http://www.microsoft.com/windows2000/security/default.asp

Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgro
ups/nodepages/sectop10.asp

=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
(e-mail address removed)

 

[Bill]

Thanks for the input. I've already researched the
Symantec website and I am waiting for a response on this
issue from them, but I wanted to see if anyone on the
Microsoft side had any ideas on how to do these updates on
remote, standalone laptops without giving the users
administrative rights.

 

[drunkardswalk]

Thanks for the input. I've already researched the
Symantec website and I am waiting for a response on this
issue from them, but I wanted to see if anyone on the
Microsoft side had any ideas on how to do these updates on
remote, standalone laptops without giving the users
administrative rights.

Well, you ain't'a gonna like hearing this, but I've gone the rounds with
Symantec on this issue, and their official pronouncement is that you have to
do it through LiveUpdate, and you have to have Admin rights. Although they
wouldn't explicitly admit it, it was clear the only reason for this is so they
can verify that you're legal, which is the same reason the Win Update Site has
even more stringent requirements. Bummer to pay for the software, then have
to put your machine on the net in a highly insecure mode in order to get the
security updates you're entitled to.

Reid Sweatman

 

[Marco]

Hi guys

I have just run into your posting and I think I may have a solution, and am
therefore writing you to see whether you are willing to give it a try. I
have just completed the development of a kernel driver that allows you to
run applications with elevated privileges from a regular user account.

If you have the time I would be grateful if you give NeoExec, that is the
name of the product, a spin. the url is www.neovalens.com, then click on
Downloads.