Solved

Install Windows Defender via GPO, access is denied error message after installation.

Posted on 2007-03-28
15
985 Views
Last Modified: 2012-06-21
My company is attempting to role out Windows Defender via GPO. I have the proper security settings on the share folder, UNC path in the policy is correct and it is being installed by computer. The application will install, but it will also display an "access is denied" error message, yet the application still functions normally, searching for updates and then running a quick scan. After a subsequent restart, when you try to run Defender, that same error comes up and this time Defender will not open. Restarting the service did not help either.

I have searched the site, but it is seems no one is having my particular problem. Thanks!

Brandon G
0
Comment
Question by:hvapro
  • 6
  • 6
  • 2
  • +1
15 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 18812457
Process Monitor v1.1
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/processmonitor.mspx

See if you can run that (set the filter to defender's .exe, and highlight "Access Denied", so the denials of the Filesystem or  registry should appear in color.....
0
 

Author Comment

by:hvapro
ID: 18825884
Which property do I select to highlight "Access Denied"? I am able to filter by the Defender process but not sure about the other one. I appreciate the assistance. I installed Defender, but the Access Denied box only only came up the first time, and after 3 restarts it hasn't returned. Weird.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 18826626
In the filter........just fill in the blanks to make the top line look like this.....

Result Is Access Denied then Include

then click Add, and OK.
0
 

Author Comment

by:hvapro
ID: 18885327
Well, I have done as you suggested and nothing displays after I filter for Access Denied. It reinstalled over the weekend, and after logging in this morning, it will not allow me to open the application.
0
 
LVL 1

Expert Comment

by:Adminicle
ID: 19024660
I too seem to be having the same issues. I have read about changing the MSI package it self but that didnt work either.

I have resorted back to installing it manually
0
 

Author Comment

by:hvapro
ID: 19024695
Update: I tried to run it as a batch startup script through Group Policy, but it still gives me the access denied error. Doing a repair on the install *seems* to fix the issue, as that error message has not returned.

Admincle, I tried modifying the MSI as well but I never was able to get it to work.
0
 
LVL 1

Expert Comment

by:Adminicle
ID: 19060324
I've given up on this and will be installing it manually. Only got about 20 machines to do so no big deal.

Would like to know the issue but hey
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Accepted Solution

by:
Adminicle earned 500 total points
ID: 19091557
Ok I had another go at this issue. I have got it working now. Here is what I did

Downloaded the latest version of Beta 2.

Very Importent bit this. didnt do this last time:
Create a Administrative installation by running msiexec /A "c:\WDM\WindowsDefender.msi"
c:\WDM\WindowsDefender.msi is the location of the existing file
installation wizard pops up and you will be asked the location of the install. say C:\WDM\temp
now you will be left with some folders and a new MSI.

Open the new MSI with Orca and remove the following:
CustomAction - CHECK_WGA
CustomAction - OtherWGAError
CustomAction - OpenURL
CustomAction - LAUNCH_MY_PROGRAM_PLEASE
InstallExecuteSequence - CHECK_WGA
InstallExecuteSequence - OtherWGAError
InstallExecuteSequence - LAUNCH_MY_PROGRAM_PLEASE

and change theses:

Property - LAUNCHPROGRAM = 1 to Property - LAUNCHPROGRAM = 0
Property - AgreeToLicense must be set to "No" to Property - AgreeToLicense must be set to "Yes"

Once you have done all the above. Save the new MSI and deploy via GPO.
Works a treat with mine now plus it updates with no errors.

Hope this helps

Adminicle ;)
0
 

Author Comment

by:hvapro
ID: 19092244
Does it have to be beta 2 or just the official release? I will try your method later.
0
 
LVL 1

Expert Comment

by:Adminicle
ID: 19092368
Used the official release first but forgot to setup the msi as admin install! might work but the beta2 did for me in the end!

Hope it works
0
 

Author Comment

by:hvapro
ID: 19108232
Adminicle, your method seems to have overcome our problem. I followed your instructions except where ORCA did not have the item listed. I think OtherWGAError was missing, but that could be due to differences between beta 2 and the final release. I have restarted my test system 3 times and I do not get any access denied errors. I think you figured it out! I will respond in a few days.
0
 
LVL 1

Expert Comment

by:Adminicle
ID: 19114362
Excellent. Im glad I could help.
0
 
LVL 1

Expert Comment

by:Adminicle
ID: 19140104
How did you get on? all working
0
 

Author Comment

by:hvapro
ID: 19141152
Adminicle,

Your method was the solution! My test machine seems to be running fine. Thanks!
0
 
LVL 4

Expert Comment

by:lawson2305
ID: 21691471
On official release these are not present:

CustomAction - OtherWGAError
InstallExecuteSequence - CHECK_WGA
InstallExecuteSequence - OtherWGAError

Removed and made all other changes and have not verified it works.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
SSL RA VPN 7 77
pdf to word 13 58
shd and spl analysis 3 60
OUtlook missing email alert 9 18
Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now