cancel
Showing results for 
Search instead for 
Did you mean: 
bhamill
Level 7

can't unlock user interface option

McAfee 8.5.0i, patch 5, managed by ePo 4.0. About 300 seats. the ePo policy for User Interface Options shows that all items in the console are supposed to be password protected, and when I'm logged into a workstation as an admin, they are. That is, I can start the console, click Tools/Unlock User Interface, enter a password, and have access to disable access protection, stop on-access scanning, etc.

However, when I'm logged on to the same workstation as a regular user, I can't do that. All options are grayed-out, and I can't stop the services (which our helpdesk techs sometimes need to do for troubleshooting).

What I don't get is that I don't see anything in ePo policies that says "admins can do this, users can't." I'd like for any logged-in user to be able to enter the password (which we change regularly and don't give out to users) and access the console.

What am I missing here?
0 Kudos
7 Replies
MorrisComm
Level 7

RE: can't unlock user interface option

We're also having this issue. :confused:

VSE 8.5 Patch 7 on an ePO 4 P3 core.

Any help is appreciated.
0 Kudos
bhamill
Level 7

it's by design

Hmmm... I guess I should have read the documentation:

------------
Non-administrators — Users without administrator rights. Non-administrators run all VirusScan Enterprise applications in read-only mode. They can view some configuration parameters, run saved scans, and run immediate scans and updates. They cannot change any configuration parameters, create, delete, or modify saved scan or update tasks.

Administrators — Users with administrator rights. Administrators must type the password to access the protected tabs and controls in read/write mode. If a password is not provided for a protected item, they view it in read-only mode.
-------------

So, the password only matters to Admins. I just now got back to my desk after talking to helpdesk and telling them that they can't try to "solve" problems by disabling the software- they'll have to troubleshoot the problem, ask for exceptions to scans, etc.

Good luck,
BH
0 Kudos
MorrisComm
Level 7

RE: it's by design

Well alrighty. I can unlock the console now by dropping the console exe into a runas window launched with local admin privs.

I tried explaining the idea to a McAfee technician over an IM session. They insisted that I had to log off of the machine and log back on as an admin to do this. My response "Um, no, I would lose my IM to you then."

Either way, I can get to it now. Props to bhamill for reading the manual and educating the masses.

thanks...
0 Kudos
bhamill
Level 7

RE: it's by design



When in doubt, RTFM. Thanks to you for the workaround suggestion.
0 Kudos
Highlighted
michaelkhim
Level 7

Please advice step by step




Can you please advice me on how did you do it step by step? I'm now facing the same problem. Thank you
0 Kudos
MorrisComm
Level 7

RE: Please advice step by step

Sure.

The snippet below is based on the assumption of trust. Do you trust the machine that you will be typing your administrative credentials into? Is there a keylogger or malicious app resident to the machine that will glean your password?

A word of advice: supply a local admin account if possible and NOT a domain admin account. Local admin privs that are compromised suck, domain admin privs that are compromised are on another level (literally!).

Anyway.

Open a command prompt.
"runas /user:LocalAdmin cmd" where 'LocalAdmin' is a local or domain admin on the machine.

Once the new window is opened with the admin privileges (the title should read 'c:\windows\system32\cmd.exe (running as LocalAdmin)'), launch the VirusScan console ('c:\program files\McAfee\VirusScan Enterprise\mcconsol.exe').

Once the console is opened, go to Tools->'Unlock User Interface'. By providing the password, you are no longer in read-only mode. Please remember to lock the interface back when done. AND CLOSE THE COMMAND SHELL WHEN FINISHED.

This works on an XP machine.

FYI, I NEVER log into my machine with an admin account. I open the command shell with elevated privs and drag-n-drop the application icon(s) into the shell. Wanna browse to a folder with elevated privs? Type 'cd' then drag the folder icon into the shell; this places the command shell in the directory 'dropped' into the shell.

Fire away.

A word of caution: not everything should be run with administrative privileges. I also recommend that you DO NOT LAUNCH Internet Explorer with elevated privs unless absolutely needed.

Your mileage may vary, have fun.
0 Kudos
akkichauhan
Level 7

Re: can't unlock user interface option

Thank you very much BHSmiley Happy

You helped me crack it.

0 Kudos