My latest venture was to try and get Norton 2000 packaged to work on Windows 2000, good luck, huh?!
Right away, I run into problems. The problem with these two is that, to run an anti-virus software, you must give it the ultimate security privileges, but Windows 2000 must treat it as any other software, and try to give it as little privileges as possible.
In fact, the security has increased from NT 4.0 to W2K, so look for conflicts with registry keys in the future. Just always remember to ask yourself if the software is doing something different from NT to 2000, can it be the security? Often times, it will be.
Back to the problem at hand. One thing I noticed was that I could not scan my hard drive using NAV 2000, then I did a little research and found out that those keys are now limited to users with administrative rights. In the type of environment that we are all striving for, totally managed, it is impossible to give users administrative rights to their machines, otherwise you surrender control to them.
There is a work around for this issue. You just have to change the rights to the corresponding registry keys. The following keys will need to be changed:
HKLM\Software\Symantec\Norton AntiVirus NT
For each of these keys (and their subkeys), you have to change the rights to the everyone group and give special access.
Also, you have to give rights to the Navnt folder on the hard drive. Grant all permissions to the everyone group and this should do it.
When deciding on an architecture for your Anti-Virus implementation, you must take into consideration where your Live Update share is going to be located. An idea I have seen which seems to work very well is that NAV is distributed as a package and the package sets the Live Update function to look back at the SMS server that the package was generated from. This way, all of the machines have rights to the server.
If you do not want to take this course of action, remember that the server has to be receiving updates from the web and that all of the machines have to have access to that server at all times for proper utilization of the Live Update function.
These are just the beginning to the problems that I am sure to encounter, I will keep you updated with problems and their solutions as I come across them.
Check out Symantec's site for some pretty good support and FAQ's. The link to the support area is as follows: