Can't use NIS2008 firewall when logged in as domain admin (with local admin privs) on Vista SP1

Thanks for the additional information. I’ve flagged your message for a Norton Staffer to see and use the information. Watch out for someone with their name in red …

Hi andrewsi,

Thank you very much. Which specific KB article should be updated? We want to be sure we're communicating the issues effectively, so any information you provide is appreciated. Thanks! 

The document ID is as follows: Document ID: 2008042902410479

This KB states that all you need to do is add the domain user name to the local administrators group.  As mentioned above, this doesn't cure anything, unfortunately - you have to actually add a second, local-machine-only user account to the box, with the same name and password as the domain account.  After logging into that account at least once, and then back to the domain account, then it seems that Norton will behave correctly.


Thanks!

Andy

Thanks Andy. The team is evaluating the additional information to see if it should be included in the document.

I just installed NIS2008 on a Vista SP1 machine, which is joined to a WS2003 domain.

What I find is that when I'm logged into a local-only account that has admin privs on the machine in question, everything in NIS works normally. I get popups when I run a new application which allows me to accept or reject the network traffic, and rules get automatically created in the program list for the firewall, and everything's happy.

However, when I'm logged in with my domain account (which is a domain admin, and which also explicitly has local admin privs on this machine), then the firewall is a mess.

1) No popups occur ever.

2) When I run a new app, the NIS log shows that "the user, this once, opted to reject communications blah blah blah." so that I never get the option to add my apps to the firewall - in fact, what happens is the rule gets auto-added with specific types of communication permitted, but even that type of communication is explicitly rejected with the log messages above and the apps simply fail.  The only thing that works, short of disabling the firewall altogether, is to go to the program list and to change all "Auto" apps to "Allow" by hand - which of course gives them completely unfettered access.

I did find a knowledge base article which appeared to address this problem, but all it said to do was to add the domain user account to the local admins group, but since that account is already a member of that group, this was no help.

Tech support was also of no help.  In fact, the tech support guy in the chat/remote session chose to reboot my machine and cut off the session when he ran out of ideas, which I found unbelievably unprofessional.  I do have the transcript, however.

I'm hoping someone here can help me find a way to make this work; it's not feasible to not use my domain account for normal work.


Thanks,

Andy

Think I found a solution using this post: http://community.norton.com/norton/board/message?board.id=Norton_360&message.id=1122#M1122.

However, unlike the claim in this post, I did have to do some logging in/logging out to the "shadow" local account to get it properly recognized as an admin account, and after logging back into the domain account, popups and rules appear to be functioning correctly without "hidden" rejections getting applied without asking me first. :-)

The KB article on Symantec.com should probably be updated, as simply adding the domain account to the local admins group does not appear to be sufficient to solve this problem.  I really think this should be investigated for the next release so that this workaround is not required.

Message Edited by andrewsi on 07-30-2008 11:56 AM