This solution is written to provide the basic guidelines when setting up the WFBS product suite on top of Microsoft Windows Vista and Windows 7 Desktop Operating Systems.
Please take note of the following guidelines when installing WFBS clients on Vista:
Vista Built-in Administrator
By default, the built-in administrator account in Vista is disabled. To successfully install the Client/Server Security Agent, you need to enable the built-in administrator. Do the following:
- Click Start > Control Panel > Administrative Tools.
- Double-click Computer Management, then go to System Tools > Local Users and Groups > Users.
- Right-click the Administrator and select Properties.
- On the General tab, clear the Account is Disabled check box.
- Close the Computer Management console.
Client Packager / Autopcc.exe Installation
Trend Micro recommends using the Client Packager MSI package to install WFBS Security Agents on Windows Vista clients. WFBS Security Agents uses a true MSI package, which can be deployed via Active Directory using the domain administrator account.
If you are logged on using a user-created administrator account, right-click on the autopcc.exe or Client Packager file, then select Run as administrator.
Make sure to add the URL of the WFBS server to the list of Trusted Sites in Internet Explorer.
- Open Internet Explorer.
- Click Tools > Internet Options.
- Go to the Security tab, then click Trusted sites > Sites.
- Add the URL of the WFBS server or console.
- Click OK.
Make sure that Internet Explorer allows ActiveX controls to run.
- Open an Internet Explorer browser.
- Go to Tools > Internet Options.
- Click on the Security tab.
- Select Internet in Web content zone.
- Click Custom Level.
- Go through all the ActiveX settings, then select Prompt or Enable.
If you are logged on using a user-created administrator account, disable the User Account Control (UAC) feature before installation.
- Open the Control Panel.
- Click User Accounts.
- Click Turn User Account Control on or off.
- Uncheck the Use User Account Control (UAC) to help protect your computer check box.
- Click OK.
- Restart the machine.
For Windows 7, go to Control Panel > User accounts > Change User Account Control Settings and move the slider to Never notify.
The Web install and Notify install deployment methods are only available if Microsoft Internet Explorer is set to Run as administrator. To give Internet Explorer this privilege, do the following:
- Go to ..\Program Files\Internet Explorer.
- Right-click iexplore.exe, then select Run as administrator.
The Remote Registry service in previous Windows versions was set to start automatically. In Vista, however, it is disabled by default. Administrators must manually enable this service. Do the following:
- Click Start > Run.
- Type in “services.msc” and press ENTER.
- Right-click Remote Registry service and select Start.
The Remote install method requires file and print sharing on the receiving client. The Windows Vista firewall, however, is not pre-set to permit remote folder access. For remote installation to work, administrators must define the sharing and security model for local accounts.
To verify if Sharing and security model for local accounts is defined:
- On the Vista machine, click Start > Run.
- Type “secpol.msc” and press ENTER.
- Under Local Security Policy window, go to Security Settings > Local Policies > Security Options.
- On the right pane, make sure that Network Access: Sharing and security model for local accounts is set to Classic- local users authenticate as themselves.
If the issue persists, do the following:
Contact Trend Micro Technical Support and provide the following:
- Copy of %WINDIR%\Ofcnt.log
- Copy of System Information
To get this:
- Click Windows Orb > All Programs Accessories > System Tools > System Information.
- Click File > Save and save it in .NFO format.