Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 5 subscribers
  • Views 11467 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

POA users on managed endpoints

timw

Is it best practice to define POA local accounts on managed machines?

In the old 4.50 we had a set of PBA accounts which could be used by our support staff (via tokens) to gain access when user not present/or for recovery.

I've tested that i can create POA accounts on the managed machines, but the only way to do this is to create another configuration package and install this as well on the managed machines as well as the managed package, which seems a bit dirty.

Will this cause problems down the line? Do i need to specify a network location on these machines for the key backup locations, or just set it to the local drive and not worry about it as everything i need for a recovery will be available via the Management console?

Hope someone can clear this up!

Cheers

Tim

:9621


This thread was automatically locked due to age.
  • 0

    Hi Tim,

    thank you very much for bringing this up. Actually you are talking about two different things here:

    1. POA User accounts

    2. Recovery

    With regards to your description I can provide you with the following information regarding

    1. Applying these accounts together with a Client Configuration package is the only way to distribute these accounts on unmanaged clients. It is planned to have central deployment in one of the upcoming managed versions.

    2. You must always ensure that the bak file is present on an unmanaged client since they will never talk back to a server which means that recovery information are not send back. This happens only for managed clients.

    Regards

    Dan

    :10031
  • 0

    Thanks, I've had to drop the POA accounts entirely now as we need the machines to be managed.

    It's a shame this functionality can't be combined when using managed mode as I now have no way of allowing staff out on site visits access to locked machines any more, still at least they can call the service desk for a C/R to gain access.... i haven't broken the news to them yet..... :)

    :10069
  • 0

    Hi Tim,

    well POA accounts for managed accounts are currently planned for one of the next releases (probably 5.60 but not yet finally confirmed) so you might be lucky ;) Sales should be able to provide you with details on that.

    Maybe you should wait a little longer before spreading any bad news...

    Regards

    Dan

    :10073
  • 0

    I've now updated server and clients to 5.60 to hopefully benefit from the POA user support... however after creating the users and groups on the console they are not getting replicated down to the clients. If there any way to force this? I'm hoping i don't have to create another config pkg and roll that out to the clients as that seems crazy.

    This article claims it should work now.

    http://www.sophos.com/support/knowledgebase/article/110080.html

    :14023
  • 0

    Hello Tim,

    no you can assign the POA group via a Config Package for unmanaged client or centrally in the MC for managed clients.

    After you have created POA users and put them into a POA group, the POA group needs to be assigned onto OUs from within the MC. The tab is called "POA Group Assignment"

    If this will not help please get in touch with Sophos support.

    Regards,

    Tim

    :14025
  • 0

    Ideal, thats working a treat now! Cheers :)

    :14047
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?