Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 9613 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SafeGuard 5.x suspend POA / Autologon

Snooman

Hi, with a SafeGuard 5.x protected device:

is it possible do deactivate POA (e.g. for a number of Logins)

and perform a predefined autologon ?

:26287


This thread was automatically locked due to age.
  • 0

    It's better to get something like LogonExpert for safe autologging Windows on

    :26643
  • 0

    Hey Snooman,

    SafeGuard Enterprise offers a feature called Secure Wake on LAN to disable the POA for a specified number of reboots. We have a KBA that explains this feature but the KBA is currently under maintenance but alternatively, you can learn more about the SafeGuard Wake on LAN feature in the Safeguard Enterprise manual at http://www.sophos.com/en-us/medialibrary/PDFs/manuals/sgn_60_h_eng_admin_help.pdf

    Find a short extract below:

    "In the SafeGuard Management Center, you can define policy settings for Secure Wake on LAN
    (WOL) to prepare endpoint computers for software rollouts. If a relevant policy applies to endpoint
    computers, the necessary parameters (for example POA deactivation and a time interval for Wake
    on LAN) are transferred directly to the endpoint computers where parameters are analyzed.
    The rollout team can design a scheduling script using the commands provided to guarantee
    maximum endpoint computer protection despite the deactivation of POA.
    Note:
    Deactivating the POA - even for a limited number of boot processes - reduces the security of your
    system!
    You define the settings for Secure Wake on LAN (WOL) in a policy of the type Specific Machine
    Settings."

    Cheers,

    Chris

    :26681
  • 0

    Here's the command / s that needs to run on the client:. We use our machine management system to run the appropriate script at the beginning and end of a job.

    REM Enable WOL (Disable POA)
    REM Must be set-up in conjunction with Machine Settings Policy in SafeGuard Management Center

    IF %PROCESSOR_ARCHITECTURE%==x86 C:\Windows\System32\SGMCmdIntn.exe -WOLstart
    IF %PROCESSOR_ARCHITECTURE%==AMD64 C:\Windows\SysWOW64\SGMCmdIntn.exe -WOLstart

    -----------------------------------------------------------

    REM Disable WOL (Re-enable POA)
    REM Must be set-up in conjunction with Machine Settings Policy in SafeGuard Management Center

    IF %PROCESSOR_ARCHITECTURE%==x86 C:\Windows\System32\SGMCMDIntn.exe -WOLstop
    IF %PROCESSOR_ARCHITECTURE%==AMD64 C:\Windows\SysWOW64\SGMCMDIntn.exe -WOLstop

    ------------------------------------------------------------

    If I remember correctly, the admin guide suggests to add 3 extra reboots in the policy.

    Thus if you need to reboot the client twice (2), then set the policy as five (5).

    Regards,

    John

    :26937
Unfiltered HTML