As part of testing, I was playing with a couple of laptops with Symantec Client Security.
Removing Symantec when smoothly, that was until I tried to enable the Window XP Sp 2 firewall after rebooting.
This charming error appeared when I attempted to start the Firewall service:
Error 0×80004015: The class is configured to run as a security id different from the caller
I guessed that Symantec had mangled something in the registry and hadn’t clean it up on removal.
After a bit of digging KB892199 provide to have the answer. Basically the permissions in two registry keys were stuffed up.
Using my mastery of the batch file, I knocked up this as part of a script to prepare a system for Forefront install
After a reboot the XP firewall started up as if Symantec had never been there.