RE: Symantec LiveUpdate and User Rights on Win2000

[Locher Thomas <Thomas.Locher () swarovski com>]

There is an article on the Symantec Support Page which tells you a specific
folder on C:\Documents and Settings. If you give the user permissions to
modify this folder LiveUpdate works without administrative rights (i used
this about a year ago for a friend). Hope this helps...

Thomas

-----Original Message-----
From: Joe George [mailto:j.george () conservation org]
Sent: Donnerstag, 26. Mai 2005 21:33
To: security-basics () securityfocus com
Subject: RE: Symantec LiveUpdate and User Rights on Win2000


Sorry, I should have provided more details.  We do indeed have a centralized
managed server providing updates.  The problem is when, a client (say one
with a laptop) leaves the office, their updates aren't being regularly
pushed.  Without liveupdate ability while under user rights, this is
extremely troublesome for those who will be on travel for longer than 2-3
weeks (which is often the case here).  

Thanks for your prompt input, Anthony.  

Best regards,

Joe 

-----Original Message-----
From: Bundschuh, Anthony D [mailto:ANTHONY.D.BUNDSCHUH () saic com] 
Sent: Thursday, May 26, 2005 3:26 PM
To: 'Joe George'; Bundschuh, Anthony D; security-basics () securityfocus com
Subject: RE: Symantec LiveUpdate and User Rights on Win2000

You could setup a Symantec Central server.  The users would not be able to
do live update, but the server would push out updates.

-----Original Message-----
From: Joe George [mailto:j.george () conservation org] 
Sent: Thursday, May 26, 2005 1:18 PM
To: Bundschuh, Anthony D; security-basics () securityfocus com
Subject: RE: Symantec LiveUpdate and User Rights on Win2000

We do not want them to have power user rights either. 

-----Original Message-----
From: Bundschuh, Anthony D [mailto:ANTHONY.D.BUNDSCHUH () saic com]
Sent: Thursday, May 26, 2005 3:13 PM
To: 'Joe George'; security-basics () securityfocus com
Subject: RE: Symantec LiveUpdate and User Rights on Win2000

You can add the users to the power users group.  Power users can install
virus definitions. 

-----Original Message-----
From: Joe George [mailto:j.george () conservation org]
Sent: Tuesday, May 24, 2005 9:56 AM
To: security-basics () securityfocus com
Subject: FW: Symantec LiveUpdate and User Rights on Win2000

Greetings all,

We are currently in the process of removing Administrative rights from end
users.  As you may already know, when someone logs in with only User rights,
they are no longer able to install AV definitions through the LiveUpdate
feature.  This is one of the most crucial things we'd like our clients to be
able to access in case they are on travel or working remotely.  A
Trojan/virus has less of a chance of being initialized under user rights,
but it is important that the user be able to maintain the definitions if
needed.  Is there a tweak out there? 

Thanks in advance.

Best Regards,

Joe George
IT Analyst
Conservation International