Fix: Windows 2008 server is displayed as Windows Vista in McAfee EPO agent console


One of my newly deployed Windows 2008 servers was being identified in the McAfee EPO 4.0 admin console as a Windows Vista machine. This was curious to me, since I had created this Windows 2008 server from the same media as it’s predecessors, and had installed all the same versions of software onto it, such as the Common Management Agent 3.6 patch 3, aka FramePkg.exe.

The instructions I received from McAfee Technical support said to copy the sitelist.xml file from the EPO server’s \Program Files\McAfee\ePolicy Orchestrator\DB directory, and paste it into the C:\Documents and Settings\All Users\Application data\McAfee\Common Framework directory on the Windows 2008 server.

First of all, in Windows 2008 C:\Documents and Settings is hidden by default, so in Windows Explorer I had to select Organize – Folder and Search Options – View – Show hidden files and folders in order to even see C:\Documents and Settings.

When I clicked on the C:\Documents and Settings directory, I immediately received the following error, despite being logged in with my domain admin credentials:

C:\Documents and Settings is not accessible. Access is denied.

I noticed the local administators group, which domain admins is a member of, did not have explicit permissions assigned to the directory, so I attempted to assign them, but was once again denied access. I checked ownership, and saw SYSTEM was the owner, so I tried to take ownership of the directory, but was denied. Only after logging in as the local administrator was I able to take ownership, and assign myself rights to the file system.

After much googling I was able to determine the cause of this problem. In Windows Server 2008 (and Windows Vista) the familiar old XP file/directory structure has been replaced. C:\Documents and Settings no longer physically exists, but has been replaced by junction points which are used for backwards compatibility with legacy applications.

These junction points are like shortcuts to the actual data locations, and are not meant to be navigated by the system administrator. The ACLs are set to ““Everyone Deny Read”. Applications must have permissions in order to call out and traverse a specific path.

To make a long story short, instead of placing the sitelist.xml file in the C:\Documents and Settings\All Users\Application data\McAfee\Common Framework directory on the Windows 2008 server, I had to put it in the C:\ProgramData\McAfee\Common Framework directory instead.

I then restarted the McAfee Framework service on the Windows 2008 server. I waited about an hour (not sure if this is necessary, but I was busy), then verified the correct operating system was properly detected on the EPO admin console.

I asked McAfee how to get our custom sitelist.xml file into the new FramePkg.exe file for deployment, and he said that shouldn’t be necessary. If we experience another case like this where the client OS is misidentified for some reason, they will work with us to determine the cause of the problem, rather than have us apply the band-aid fix after the fact.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: