POA users on managed endpoints

Question

Is it best practice to define POA local accounts on managed machines?

In the old 4.50 we had a set of PBA accounts which could be used by our support staff (via tokens) to gain access when user not present/or for recovery.

I've tested that i can create POA accounts on the managed machines, but the only way to do this is to create another configuration package and install this as well on the managed machines as well as the managed package, which seems a bit dirty.

Will this cause problems down the line? Do i need to specify a network location on these machines for the key backup locations, or just set it to the local drive and not worry about it as everything i need for a recovery will be available via the Management console?

Hope someone can clear this up!

Cheers

Tim

This thread was automatically locked due to age.

thimsche · Accepted Answer

Hello Tim, no you can assign the POA group via a Config Package for unmanaged client or centrally in the MC for managed clients. After you have created POA users and put them into a POA group, the POA group needs to be assigned onto OUs from within the MC. The tab is called "POA Group Assignment" If this will not help please get in touch with Sophos support. Regards, Tim :14025