http://img269.echo.cx/img269/7140/norights9eg.jpg

It's interesting because we are using the administrator account and this machine is a domain controller so there is no local users and computers to check.

Any thoughts or ideas would be appreciated. Thanks!

I'd say its more of a problem weith MacAfee than windows. given that you are using the admin account. Are you trying to manage this locally in the AV program or are you trying to connect remotely using the management in it? How long has this been going on/ what was the last thing that was done before it started happening?

This was locally on the server itself. This has been going on for a few weeks (since we noticed the issue). No changes that I know of were made to the server to allow this error to occur. No upgrades or software changes. NAI won't give us support because our grant number expired and they don't want to renew it.

But yet we came in the office today and saw 50,000 messages from groupshield about not able to scan encrypted zips in our email, took an hour to delete them all. They are still popping up on the server, we don't know a way to "dismiss all" the popups rather than clicking the OK button on the popups 50k times. It's a mess.

well it looks like the problem is getting onto the mcafee control panel rather than a windows problem. there is an option to disable notifications but you need to get into the control center in order to do that. I would create an account with administrative rights locally on the DC or alternatively log in as a DS Admin and try to get into the control center that way. Sometimes the local admin account has issues like this which is why I tend to use my Domain admin account when doing anything that might look for domain wide permisions.

well it looks like the problem is getting onto the mcafee control panel rather than a windows problem. there is an option to disable notifications but you need to get into the control center in order to do that. I would create an account with administrative rights locally on the DC or alternatively log in as a DS Admin and try to get into the control center that way. Sometimes the local admin account has issues like this which is why I tend to use my Domain admin account when doing anything that might look for domain wide permisions.
I assume he is using the domain admin account, as when logging into a DC as 'administrator' that is what it uses given DC's have no local accounts. Creating another account with admin rights would be something to try.

and to clarify to the OP, you are using the administrator account right? not just an account that is in the admin group? if not then try using administrator rather than whatever account you may be using.

most likely the administrator domain account is 'disabled' its not a very good practice to allow that account to remain enabled as hackers then only have to guess the password given that the user name is already known. they would also be able to know whether the account is enabled or not simply by attempting to login once. If it is disabled it will say so if not it will say invalid username or password.

We have used the "administrator account" plus my account which is a domain admin. neither are working. We haven't tried with a brand spanking new account yet. That is something to definately try! Thanks. (will fill you in tomorrow with results of that).

I know that the admin account should be disabled, but for some reason this corp is set up differently and that's the way they decided they want things, so who am I to argue with them (politics).

Another thing I did not mention is are you running an epo server? often times this might limit your access when atempting to change or manipulate settings as well. Either the epo or another server might have cntrol over all the antivirus settings. Also check any group policies that might override local security settings and might restrict access even to administrators. If you can also try and logon to the server using the local admin account. since its a domain controller under 2000 you mgiht not have access though I seem to remember it being possible. Let us know how it goes, I can ask my lan admin at work tommorow if he has any other ideas to try, he's far more familiar with server 2000 and mcafee than I.

As far as the domain administrator goes I'm frankly shocked I can't believe a corporation would be so lacking in their security policy. At the very least I hope that there is no remote acces and the password meets very stingent complexity requirements. it would also be good to have an excellent lockout policy that requires the an admin tio unlock the account

Another thing I did not mention is are you running an epo server? often times this might limit your access when atempting to change or manipulate settings as well. Either the epo or another server might have cntrol over all the antivirus settings. Also check any group policies that might override local security settings and might restrict access even to administrators. If you can also try and logon to the server using the local admin account. since its a domain controller under 2000 you mgiht not have access though I seem to remember it being possible. Let us know how it goes, I can ask my lan admin at work tommorow if he has any other ideas to try, he's far more familiar with server 2000 and mcafee than I.

As far as the domain administrator goes I'm frankly shocked I can't believe a corporation would be so lacking in their security policy. At the very least I hope that there is no remote acces and the password meets very stingent complexity requirements. it would also be good to have an excellent lockout policy that requires the an admin tio unlock the account

meh, corp I used to work for didnt disable it, however we all had our own accounts we used for administration. And the domain admin/enterprise admin accounts had some sick passwords on them and the lockout policy was 3 attempts before it was locked(for every account, no exception), and it had to be manualy reset (by one of us) never had any problems or attempts at all. Tho that company did go under with the .com burst but that was because of poor money management and the company had an identity crisis of what market it was in :D

I'm guessing that the Mcafee system runs a few services, some probably using domain accounts. Check the service setup to see what account(s) is being used and make sure that account isn't locked out; perhaps the password expired or something else happened so the Mcafee service using it cannot run, causing the system to partially fail.