TEMP Folder Security Test
Hi,
On my EV 10.4 CHF3 server I'm running SymHelp before upgrading to EV11.0.1 and keep getting an error for "TEMP Folder Security Test" in the Enterprise Vault 11.0.1 requirements.
The full text is:
Error TEMP Folder Security Test Error TEMP folder 'H:\AppData\Local\Temp\' does not satisfy security requirements. See the 'Installing and Configuring' manual for details of the TEMP folder security requirements.
The folder only has SYSTEM and (Local) Administrators with full control. There are no inherited permissions.
I have moved TEMP on this particular server and have other servers where TEMP is located in the default and get the same reported.
I have gone through https://support.symantec.com/en_US/article.HOWTO108117.html and https://support.symantec.com/en_US/article.TECH224726.html and while I'm confident to add either of the Registry entries to work-around this I'd rather try and understand the problem.
Any help is greatly appreciated.
I have tested all sorts of settings and configurations in my lab (10.0.4 and running the SymHelp checks in relation to upgrading to 11.0.1) in relation to this and the outcome is below:-
I have had the below configurations:-
-
System and Local Administrators
-
System, Local Admins and VSA
-
System and VSA
-
System only
-
Local Admins only (ensuring the VSA was a direct member of the Local Admins group and not just a member of a nested group)
-
VSA only
All of the above have failed the security tests and thrown the same error message, I have tried this on several locations as well, system drive and seperate drive.
I then had a 11.0.1 lab and ensured all was running as expected, EV working as expected.
Ran SymHelp, same error message again, due to all of the above I strongly believe it to be a bug in the SymHelp checks and have forwarded the concern onto the relevant team to look into and double check/correct for a future SymHelp release.
Due to the above, personally, I would ignore it for now as I honestly do not believe there to be any cause for concern.
-
FYI
I worked this through with support and adding the "TempFolderExceptions" with my VSA added stopped SymHelp reporting the error. The folder still has the correct permissions as above.
Additionally I completed the upgrade from 10.0.4 to 11.0.1 without issue.
So there appears to be something wrong with the SymHelp check as the VSA is a member of the Local Administrators group which should "pass" as per TECH224726.
Thanks everyone for the assistance.