Symptom
PC may stop unexpectedly and show an error on a blue screen after the Security Utility applies settings in Setup Assistant
Resolution
Microsoft's enhanced DCOM security restricting global anonymous policies changed recently.
1. Browse to the root directory of your OnGuard installation (default – C:\Program Files (x86)\OnGuard\).
2. Locate “sp2.xml” and open it in Notepad in administrator mode.
3. Find and remove these two <Setting> blocks (starting line 192):
<Setting name="Machine-wide access restrictions" action="Add machine-wide remote access right to the Anonymous Logon and Everyone users." type="AccessMask">
<RegValueName>MachineAccessRestriction</RegValueName>
<AccessMask type="access">4</AccessMask>
<AccountName condition="LNVUseAnonymousDCOM" type="well-known">S-1-5-7</AccountName>
<AccountName type="well-known">S-1-1-0</AccountName>
</Setting>
<Setting name="Machine-wide launch and activation restrictions" action="Add machine-wide remote activation right to the Anonymous Logon and Everyone users." type="AccessMask">
<RegValueName>MachineLaunchRestriction</RegValueName>
<AccessMask type="launch">16</AccessMask>
<AccountName condition="LNVUseAnonymousDCOM" type="well-known">S-1-5-7</AccountName>
<AccountName type="well-known">S-1-1-0</AccountName>
</Setting>
4. Save the file and re-run Setup Assistant.
Applies To
Windows 10 or above
OnGuard 7.4 and above
Additional Information
Copyright © 2022 Carrier. All rights reserved.
