
Stop specific machines from being deleted during AD Sync

I'm still a little new to SGN, so maybe this is easier than I'm making it.

I am running SGN 5.50.8 and it's synced (manually) with our AD environment.  The way I understand this, then, is that when a machine is deleted from AD, SGN deletes it from inventory as well.  My question has three parts:

1) How do I STOP a machine from being deleted from SGN when it's been purged from AD?

2) Can I undelete a machine from SGN (bring it back into inventory) without it existing in AD?

3) What happens if a machine is deleted in AD, but said machine checks back in with the SGN server later?  Will it still get the policy I gave it previously, or will it default to my root policy as if it was new?

Basically if a laptop is reported lost / stolen I want to lock it down through SGN and then ensure that even if that machine waits 6-12 months to go back on the internet it will still get that updated policy information (lock all users on machine, change it to a special Lockout Policy that forbids Guests, etc).  At best the computer will remain in AD for a couple months following the incident but sometimes our admins are too proactive and delete it very quickly.  I don't want that to affect my ability to lock down that computer should it ever report back in (which it will if it goes on the internet).

Thanks

  • I called in and opened a ticket on this and it sounds like there's no way to do this.  If the machine gets deleted from AD then it's gone when you sync and there's nothing you can do short of making sure it does NOT get deleted from AD in the first place.  Not the answer I was hoping for but at least I know where I need to focus.

  • Yes, there is no way to prevent a PC from getting deleted from SafeGuard after it's deleted in AD.  Although if the PC has not talked to the server in x amount of days, depending on how you set the policies, then it will automatically get locked out anyway.  If it does talk back to your SafeGuard server over the DMZ and the PC is no longer in AD, then it will show up in the "auto registered" group in the Management Center and still receive a policy.  Is your lockout policy set at the highest level?  This will ensure that all PCs that you assign to that policy will receive it even if they show up in the "auto registered" group.

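Both replies land on the same practical conclusion: SGN offers no per-machine exemption from the AD sync, so the only lever is keeping the computer object in AD until the incident is closed. The script below is an added example (not from the thread, not Sophos code) showing one way to enforce that on the AD side with the standard ActiveDirectory module: a lost or stolen laptop's computer object is moved into a dedicated hold OU and flagged ProtectedFromAccidentalDeletion, and the admins' cleanup routine is taught to refuse anything on hold. The OU name, domain and computer name are assumptions for illustration.

```powershell
# Added example, not part of the original thread or of SafeGuard itself.
# Assumes the RSAT ActiveDirectory module and an OU you create for incident holds;
# "OU=Hold-DoNotDelete,DC=corp,DC=example" and the computer names are assumptions.
Import-Module ActiveDirectory

$HoldOU = "OU=Hold-DoNotDelete,DC=corp,DC=example"

function Protect-LostDevice {
    param([Parameter(Mandatory)][string]$ComputerName)

    $computer = Get-ADComputer -Identity $ComputerName

    # Move first: ProtectedFromAccidentalDeletion adds Deny Delete/Delete Subtree ACEs,
    # which also block a later move of the object, so park it in the hold OU before flagging it.
    Move-ADObject -Identity $computer.ObjectGUID -TargetPath $HoldOU

    # Deletions in ADUC, Remove-ADComputer and most cleanup scripts now fail until this is cleared.
    Set-ADObject -Identity $computer.ObjectGUID -ProtectedFromAccidentalDeletion $true

    # Leave a visible marker for admins who inspect the object by hand.
    Set-ADComputer -Identity $computer.ObjectGUID `
        -Description "INCIDENT HOLD: lost/stolen. Keep in AD so SafeGuard retains the lockout policy."
}

function Remove-HoldOnDevice {
    # Called once the incident is closed; the object can then be deleted normally
    # (and SafeGuard will drop it on the next sync, as the thread describes).
    param([Parameter(Mandatory)][string]$ComputerName)

    $computer = Get-ADComputer -Identity $ComputerName
    Set-ADObject -Identity $computer.ObjectGUID -ProtectedFromAccidentalDeletion $false
}

function Remove-StaleComputer {
    # Guard for the "too proactive" cleanup path: refuse to delete anything on hold.
    param([Parameter(Mandatory)][string]$ComputerName)

    $computer = Get-ADComputer -Identity $ComputerName -Properties ProtectedFromAccidentalDeletion

    if ($computer.ProtectedFromAccidentalDeletion -or
        $computer.DistinguishedName -like "*,$HoldOU") {
        Write-Warning "$ComputerName is on incident hold; not deleting."
        return
    }

    Remove-ADComputer -Identity $computer.ObjectGUID -Confirm:$false
}

# Usage (names are assumptions):
#   Protect-LostDevice   -ComputerName 'LAPTOP-0042'
#   Remove-StaleComputer -ComputerName 'LAPTOP-0042'   # refuses while on hold
#   Remove-HoldOnDevice  -ComputerName 'LAPTOP-0042'   # when the incident is closed
```

Note that this only keeps the object alive in AD; it does nothing about which SGN policy the machine receives. As the second reply says, the lockout policy still needs to sit at the top of the policy hierarchy so that a machine reappearing in the "auto registered" group (or one that simply went stale) picks it up.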