cancel
Showing results for 
Search instead for 
Did you mean: 

Scripting Tool - Vista & UAC

Hi, we are trying to install EndPoint on Windows Vista and need to run a script to move the local machine to another group in the EndPoint DB . The script needs to run on the reboot after the initial installation thus it is triggered by the run key in the registry. The script fails because it requires an elevation of privileges, The error I receive is "Access to the driver not permitted". If I run the script manually from an administrator command prompt it works fine.

We cannot disable to UAC and it is not acceptable in our environment to expect users to have to click on an elevation prompt.

My question is, why does the scripting tool require and elevation and is there any way to get around it (perhaps by changing permissions on certain files?).

Thanks.
7 Replies
Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 2 of 8

RE: Scripting Tool - Vista & UAC

some api commands need to talk to the driver, and this requires elevated privilege.

I guess you're trying to get the local machine name?

RE: Scripting Tool - Vista & UAC

Hi,

yes my script runs through the following:

GetLocalMachineName
IsMachineActive
MoveMachine
SetMachineConfigToGroup
ForceSync

It's failing on the first command, I could actually do away with the GetLocalMachineName part of the script as long as the other components work, do you know if the other commands require an elevation?
Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 4 of 8

RE: Scripting Tool - Vista & UAC

I don't believe so no, but ForceSync would be the only other one which might (as the other commands are server side only).

RE: Scripting Tool - Vista & UAC

Great...the other commands worked fine in a standard user context.

I guess I will just have to use WSH to get the hostname of the machine, obviously that is not as tight as using GetLocalMachineName, but there shouldn't (in theory) be any machines named different to the network name in the MEE DB and AutoDomain is configured to recycle machines if one already exists with the same name in the DB.

Thanks for your help.
Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 6 of 8

RE: Scripting Tool - Vista & UAC

if you're writing a batch file, you can just use %computername%...

RE: Scripting Tool - Vista & UAC



What kind of scripting tool are you using to move the objects in the database?
Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 8 of 8

RE: Scripting Tool - Vista & UAC

SBAdmCL..

it's documented in the "Scripting Tools" section of your Endpoint Encryption Manager install.
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community