Insufficient privileges

Hi,

I'm running Sophos 9 standalone.

I started getting this, irrespective of the user account on this machine:

"You do not have sufficient privileges to run the Sophos Anti-Virus main application.
You are not a member of one of the Sophos groups. In order to be able to launch this application, you must be a member of SophosAdministrator, SophosPowerUser or SophosUser group. Please contact the Administrator."

I've looked at the relevant knowledge base article, but there seems to be nothing obvious I can do to fix this.  I can't assign users to the Sophos groups on a standalone, can I?

I'm a bit concerned that this may be associated with an install of Chrome today, which won't run anymore.  Windows security center doesn't think that Sophos is running anymore, but the system tray icon is present, and seems to show update action.

I have downloaded and re-installed Sophos, but with the same result.

Any idea what is going on?  Sorry if I'm doing something daft here!

Nick

:2159


  • Hi Nick,

    You can assign users to the local groups of Sophos; however, if you're using the same account now as when you were able to open Sophos, it seems unlikely you are no longer a member of the local SophosAdministrators group.  It is worth checking though.  If you right-click on My Computer and choose Manage, you should be able to find the users and groups; from there, check who is a member of the above Sophos group.  Hopefully the account you are logged in as is.  If you do find yourself missing, add yourself back in.  You will not need to log off and on before the permissions are granted.

    If the group membership looks good, and as you also mention problems with other applications, I would suggest permissions, either at a file or registry level, are the most likely.  How much memory is the savservice.exe process consuming on the machine?  It should be in the order of ~60 to ~90 MB.  If it is significantly less, i.e. in the range of 10 MB, it would suggest the failure to load a significant portion of the components.

    You may wish to rule out a virus by running a command line scan of the machine. Ideally this would be run from files taken from a known clean machine, but you'll probably be safe running sav32cli from the local machine. To do so, launch a command prompt as administrator, navigate to "C:\Program Files\Sophos\Sophos Anti-Virus" or the relevant directory and run SAV32CLI.  It would be interesting to see a) if this works, proving that the virus data is in good order, and b) that there doesn't appear to be any obvious piece of malware on the machine.

    Failing all this, I would suggest:

    1. Stop the SAVService (using the service control manager, SCM: Start->Run and type "services.msc").

    2. Get a copy of ProcessMonitor from http://live.sysinternals.com/Procmon.exe

    3. Start Process Monitor running.

    4. Start the SAVService using the SCM.

    5. After SAVService seems to have started, stop Process Monitor from capturing.

    6. Search for "Access Denied"; this is usually a good place to start.

    7. Fix any permission problems on either the registry or files that are incorrect, ideally using a reference system to compare ACLs.

    8. Start SAVService.

    9. Start the GUI of SAV, hopefully all is in order.

    I hope this helps and gives you a few things to try.

    Thanks

    JAK

    :2160
  • Thanks Jak,

    I'm struggling to find the users and groups... under computer management, services and applications I have a 'Log On' tab for the SAV service with 'log on as this account: NT AUTHORITY\LocalService' checked, plus a hidden password.  No sign of the groups you mentioned.  Sorry for ignorance here!

    Not sure if this will be any different if I log in with an administrator account....  I'll try now

    Nick

    :2192
  • Nope...  still the same - the admin user still has this same default logon for SAV.  Can't see the users and groups.

    Nick

    :2193
  • AAhh... I know why I can't find them!   I've got XP Home and users and groups only comes with XP Professional.   I wonder if auto update has sent me a version of SAV that will only work with XP Pro?

    Nick

    :2194
  • Hi,

    In a command prompt you could run:

    net localgroup

    to list the local groups on the machine.

    net localgroup Sophosadministrator

    will show you the members.  You could also use net.exe to add users to the group as required.

    Thanks

    :2216
  • Hi Jak,

    Thanks for this..  and your patience.  net localgroup revealed that the administrator user 'Boss' I was using is already in the SophosAdministrator group.  Using the  /add parameter with Boss gave the message 'user already in group'.   But I still can't run or uninstall Sophos in this, or any other user without the message 'insufficient privileges, you are not a member of any of the Sophos groups'.

    Unfortunately I can't start over again with re-install or uninstall, because I don't have the privileges!

    Thanks,

    Nick

    :2230
  • Hi,

    Well at least that ruled out the obvious lack of group membership.  I would still recommend trying out the next steps:

    1. How much memory is the savservice.exe process consuming on the machine?

    To check, run: taskmgr.exe - "Processes" tab - find SavService.exe - memory column.

    It should be in the order of ~60 to ~90 MB.  If it is significantly less, i.e. in the range of 10 MB, it would suggest the failure to load a significant portion of the components, certainly the virus data.

    2. You may wish to rule out a virus inhibiting the ability for Sophos to run by running a command line scan of the machine. Ideally this would be run from files taken from a known clean machine, but you'll probably be safe running sav32cli from the local machine. To do so, launch a command prompt as administrator, navigate to "C:\Program Files\Sophos\Sophos Anti-Virus" or the relevant directory and run SAV32CLI.  It would be interesting to see a) if this works, proving that the virus data is in good order, and b) that there doesn't appear to be any obvious piece of malware on the machine stopping SAV from functioning.

    3. Failing all this, I would suggest:

    1. Stop the SAVService (using the service control manager, SCM: Start->Run and type "services.msc").

    2. Get a copy of ProcessMonitor from http://live.sysinternals.com/Procmon.exe

    3. Start Process Monitor running.

    4. Start the SAVService using the SCM.

    5. After SAVService seems to have started, stop Process Monitor from capturing.

    6. Search for "Access Denied"; this is usually a good place to start.

    7. Fix any permission problems on either the registry or files that are incorrect, ideally using a reference system to compare ACLs.

    8. Start SAVService.

    9. Start the GUI of SAV, hopefully all is in order.

    I'd be interested if none of the above get us any closer to the problem.

    Thanks

    JAK

    :2231
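Added example, not part of the original posts: one way to do the "Access Denied" search from the steps above offline, by saving the Process Monitor capture as CSV and summarising the denied operations for SavService.exe in Python. It assumes Process Monitor's default CSV columns; the sample rows and paths are constructed for illustration.

```python
import csv
import io
import sys
from collections import Counter

# Constructed sample in Process Monitor's default CSV column layout.
# Rows and paths are illustrative only; none come from the thread.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","SavService.exe","1234","RegOpenKey","HKLM\SOFTWARE\Sophos","SUCCESS",""
"10:01:02.20","SavService.exe","1234","CreateFile","C:\Program Files\Sophos\Sophos Anti-Virus\example.dat","ACCESS DENIED","Desired Access: Generic Read"
"10:01:02.30","SavService.exe","1234","CreateFile","C:\Program Files\Sophos\Sophos Anti-Virus\example.dat","ACCESS DENIED","Desired Access: Generic Read"
"10:01:02.40","SavService.exe","1234","RegOpenKey","HKLM\SOFTWARE\Sophos\ExampleKey","ACCESS DENIED","Desired Access: Read"
"10:01:02.50","explorer.exe","888","CreateFile","C:\pagefile.sys","ACCESS DENIED",""
"10:01:02.60","SavService.exe","1234","CreateFile","C:\Program Files\Sophos\missing.cfg","NAME NOT FOUND",""
'''


def denied_events(csv_text, process="SavService.exe"):
    """Count ACCESS DENIED results per (operation, path) for one process."""
    hits = Counter()
    # Exports may start with a byte-order mark; strip it so the header parses.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if (row.get("Process Name") or "").lower() != process.lower():
            continue
        if (row.get("Result") or "").strip().upper() == "ACCESS DENIED":
            hits[(row["Operation"], row["Path"])] += 1
    return hits


def report(hits):
    """Most frequent denials first: the ACLs to compare with a reference system."""
    if not hits:
        return ["no ACCESS DENIED results for this process"]
    return [f"{n:4d}  {op:<12} {path}" for (op, path), n in hits.most_common()]


if __name__ == "__main__":
    # Pass the exported CSV as the first argument; with none, the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CSV
    print("\n".join(report(denied_events(text))))
```
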
  • Hello Nick,

    Check the SIDs for the Sophos groups in %ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\config\machine.xml. They are at the top under <roles>. Use PsGetSid from the Sysinternals PsTools suite to verify that they map to the correct groups (and usually there should only be one SID per role).

    Christian

    :2233
  • That's definitely worth checking.  If you have any problems with PsGetSid, you could try running in a command prompt:

    wmic group | find "Sophos"

    (I assume wmic exists on XP Home?)

    to give you the SID values of the Sophos groups; as Christian said, these should correspond to the values in machine.xml.

    :2234
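Added example, not part of the original posts: the SID comparison suggested in the two replies above, done in Python on the saved output of `wmic group | find "Sophos"` and the text of machine.xml. Only the `<roles>` element is named in the thread, so the code reads every SID string inside it without relying on inner element names; the sample inputs, including those inner names and all SID values, are constructed.

```python
import re

SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
GROUP_RE = re.compile(r"\b(SophosAdministrator|SophosPowerUser|SophosUser)\b")

# Constructed output of: wmic group | find "Sophos"   (columns abbreviated)
SAMPLE_WMIC = r"""
PC\SophosAdministrator  PC  TRUE  SophosAdministrator  S-1-5-21-1111111111-2222222222-3333333333-1005  4  OK
PC\SophosPowerUser      PC  TRUE  SophosPowerUser      S-1-5-21-1111111111-2222222222-3333333333-1006  4  OK
PC\SophosUser           PC  TRUE  SophosUser           S-1-5-21-1111111111-2222222222-3333333333-1007  4  OK
"""

# Constructed machine.xml fragment. Only <roles> is named in the thread; the
# inner element and attribute names are hypothetical.
SAMPLE_XML = """
<config>
  <roles>
    <role name="SophosAdministrator"><SID>S-1-5-21-1111111111-2222222222-3333333333-1005</SID></role>
    <role name="SophosPowerUser"><SID>S-1-5-21-1111111111-2222222222-3333333333-1006</SID></role>
    <role name="SophosUser"><SID>S-1-5-21-1111111111-2222222222-3333333333-1012</SID></role>
  </roles>
</config>
"""


def group_sids(wmic_text):
    """Map each Sophos group name to the SID found on its wmic output line."""
    out = {}
    for line in wmic_text.splitlines():
        name, sid = GROUP_RE.search(line), SID_RE.search(line)
        if name and sid:
            out[name.group(1)] = sid.group(0)
    return out


def role_sids(xml_text):
    """Collect every SID string inside <roles>, whatever its inner layout."""
    m = re.search(r"<roles\b[^>]*>(.*?)</roles>", xml_text, re.S)
    if not m:
        raise ValueError("no <roles> element found")
    return set(SID_RE.findall(m.group(1)))


def compare(wmic_text, xml_text):
    """Return (groups whose SID is absent from <roles>, SIDs in <roles> matching no group)."""
    groups, roles = group_sids(wmic_text), role_sids(xml_text)
    missing = sorted(g for g, sid in groups.items() if sid not in roles)
    stale = sorted(roles - set(groups.values()))
    return missing, stale
```

On the constructed sample, `compare(SAMPLE_WMIC, SAMPLE_XML)` reports SophosUser as missing from `<roles>` and the `-1012` SID as matching no local group, which is the kind of mismatch the replies suggest looking for.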
  • Jak,

    1. savservice is using about 70 MB

    2. sav32cli ran ok, with lots of virus defs, nothing found

    3. savservice restarts ok, no 'access denied' messages captured by procmon

    Nick

    :2235