Security Basics mailing list archives
RE: Symantec LiveUpdate and User Rights on Win2000
From: <adisegna () siscocorp com>
Date: Fri, 27 May 2005 09:51:22 -0400
What I do in this scenario is put laptop users in their own group within the virus server management console (Symantec Corp. Edition) and allow the client to manually launch live update. When they are on the road or at home and connected to the Internet the updates will install on their laptops. I wasn't aware that virus software (Symantec in my case) would not install virus definitions on behalf of the user. The virus software is installed under an administrator account so you would think the virus defs would also install under the same elevated privileges. I haven't run into this problem with any of my users. Thanks AD -----Original Message----- From: Joe George [mailto:j.george () conservation org] Sent: Thursday, May 26, 2005 3:33 PM To: security-basics () securityfocus com Subject: RE: Symantec LiveUpdate and User Rights on Win2000 Sorry, I should have provided more details. We do indeed have a centralized managed server providing updates. The problem is when, a client (say one with a laptop) leaves the office, their updates aren't being regularly pushed. Without liveupdate ability while under user rights, this is extremely troublesome for those who will be on travel for longer than 2-3 weeks (which is often the case here). Thanks for your prompt input, Anthony. Best regards, Joe -----Original Message----- From: Bundschuh, Anthony D [mailto:ANTHONY.D.BUNDSCHUH () saic com] Sent: Thursday, May 26, 2005 3:26 PM To: 'Joe George'; Bundschuh, Anthony D; security-basics () securityfocus com Subject: RE: Symantec LiveUpdate and User Rights on Win2000 You could setup a Symantec Central server. The users would not be able to do live update, but the server would push out updates. -----Original Message----- From: Joe George [mailto:j.george () conservation org] Sent: Thursday, May 26, 2005 1:18 PM To: Bundschuh, Anthony D; security-basics () securityfocus com Subject: RE: Symantec LiveUpdate and User Rights on Win2000 We do not want them to have power user rights either. -----Original Message----- From: Bundschuh, Anthony D [mailto:ANTHONY.D.BUNDSCHUH () saic com] Sent: Thursday, May 26, 2005 3:13 PM To: 'Joe George'; security-basics () securityfocus com Subject: RE: Symantec LiveUpdate and User Rights on Win2000 You can add the users to the power users group. Power users can install virus definitions. -----Original Message----- From: Joe George [mailto:j.george () conservation org] Sent: Tuesday, May 24, 2005 9:56 AM To: security-basics () securityfocus com Subject: FW: Symantec LiveUpdate and User Rights on Win2000 Greetings all, We are currently in the process of removing Administrative rights from end users. As you may already know, when someone logs in with only User rights, they are no longer able to install AV definitions through the LiveUpdate feature. This is one of the most crucial things we'd like our clients to be able to access in case they are on travel or working remotely. A Trojan/virus has less of a chance of being initialized under user rights, but it is important that the user be able to maintain the definitions if needed. Is there a tweak out there? Thanks in advance. Best Regards, Joe George IT Analyst Conservation International
Current thread:
- Re: Symantec LiveUpdate and User Rights on Win2000, (continued)
- Re: Symantec LiveUpdate and User Rights on Win2000 Matt Burnett (May 27)
- RE: Symantec LiveUpdate and User Rights on Win2000 Bundschuh, Anthony D (May 26)
- RE: Symantec LiveUpdate and User Rights on Win2000 Joe George (May 26)
- RE: Symantec LiveUpdate and User Rights on Win2000 Jason Lopez (May 27)
- Re: Symantec LiveUpdate and User Rights on Win2000 Alvin Chong (May 30)
- RE: Symantec LiveUpdate and User Rights on Win2000 Jason Lopez (May 27)
- RE: Symantec LiveUpdate and User Rights on Win2000 Paris E. Stone (May 27)
- Re: Symantec LiveUpdate and User Rights on Win2000 Micheal Espinola Jr (May 30)
- RE: Symantec LiveUpdate and User Rights on Win2000 Bundschuh, Anthony D (May 27)
- RE: Symantec LiveUpdate and User Rights on Win2000 Locher Thomas (May 27)
- RE: Symantec LiveUpdate and User Rights on Win2000 Roger A. Grimes (May 27)
- RE: Symantec LiveUpdate and User Rights on Win2000 adisegna (May 27)