Purpose
This document will walk you through on configuring your machine so that it can be scanned while it is part of a workgroup and not in a domain.
Symptons
Although you have the correct credentials, Protect fails to scan a machine that is not part of a domain. Errors include 451 The specified user account requires administrative rights to the target machine. or 452 Unable to connect to the remote machine or 5: Access is Denied.
Resolution
For machines using Windows operating systems that employ the use of User Account Control (this includes Windows Vista or later and Windows Server 2008 or later), you must either:
Join the machines to a domain and then perform the scan using domain administrator credentials, or
Disable User Account Control (UAC) remote restrictions on the machines.
To do this:
1. Click Start, click Run, type regedit, and then press Enter.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
a. On the Edit menu, point to New, and then click DWORD Value.
b. Type LocalAccountTokenFilterPolicy and then press Enter.
4. Right-click LocalAccountTokenFilterPolicy and then click OK.
5. In the Value data box, type 1, and then click OK.
6. Exit Registry Editor.
For more details on disabling UAC remote restrictions, see http://support.microsoft.com/kb/951016