Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 5 subscribers
  • Views 2400 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Local Self Help on 5.50.117

Visitant

Now that I have upgraded to the 5.50.117 service pack, it looks like the Local Self Help feature now works only on standalone clients, and not managed clients?

I have policies set up for Local Self Help, I can answer the Local Self Help questions on the client, but the managed clients only have the "Challenge/Response" option when I click on "Recovery" from the POA, even though the Client tells me that LSH is active and enabled.  And this is on a machine that does not have FingerPrint POA login enabled in policy.

Additionally, now, when I hover over the policy option for turning LSH on in the Management Console, it puts up a help text saying this policy is for standalone clients only.

I was under the impression that 5.5 added this option for managed clients, and I would also swear that I had this working before the 5.50.117 upgrade.

Or am I just crazy?

:5302


This thread was automatically locked due to age.
  • 0

    When I try to cklick the "Moved To:" link, I get an error that I don't have privleges to get there.

    What does it mean when my post becomes "Red Flag Content"?

    :5733
  • 0

    Ok, I think understand now - there was a reply to my original posting that contained advertising, and you had to remove the post because of it?

    :5739
  • 0

    That's exactly what happened. Sorry for the confusion.

    :5772
  • 0
    Visitant wrote:

    Now that I have upgraded to the 5.50.117 service pack, it looks like the Local Self Help feature now works only on standalone clients, and not managed clients?

    I have policies set up for Local Self Help, I can answer the Local Self Help questions on the client, but the managed clients only have the "Challenge/Response" option when I click on "Recovery" from the POA, even though the Client tells me that LSH is active and enabled.  And this is on a machine that does not have FingerPrint POA login enabled in policy.

    Additionally, now, when I hover over the policy option for turning LSH on in the Management Console, it puts up a help text saying this policy is for standalone clients only.

    I was under the impression that 5.5 added this option for managed clients, and I would also swear that I had this working before the 5.50.117 upgrade.

    Or am I just crazy?

    Hi Visitant,

    Thank you for posting your question on the SophosTalk community forums.

    You have a few question there so I will try to answer them all.

    "Now that I have upgraded to the 5.50.117 service pack, it looks like the Local Self Help feature now works only on standalone clients, and not managed clients?"

    DAS: 5.50.1.17 does support managed clients, that is one of the enhancements for the 5.50.0 version.

    "I have policies set up for Local Self Help, I can answer the Local Self Help questions on the client, but the managed clients only have the "Challenge/Response" option when I click on "Recovery" from the POA, even though the Client tells me that LSH is active and enabled.  And this is on a machine that does not have FingerPrint POA login enabled in policy."

    DAS: Not exactly sure what is going on there but I have to ask if you upgraded the SGN MC, SGN Server and the SGN Client all to 5.50.1.17?

    "Additionally, now, when I hover over the policy option for turning LSH on in the Management Console, it puts up a help text saying this policy is for standalone clients only."

    DAS: My lab server reads the same when I hover over the same setting in the SGN MC. I have a feeling that was an oversight. Sorry for the confusion.

    "I was under the impression that 5.5 added this option for managed clients, and I would also swear that I had this working before the 5.50.117 upgrade"

    DAS: You are under the correct impression. Not sure what a happened post upgrade but I have a feeling something is out of sync.

    "Or am I just crazy?"

    DAS: Sorry, I'm not trained nor qualified to answer this question. But I am allowed to guess and I'd say you are not, you just need to upgrade to 5.50.8.13 which was released November 2nd. Please check with your Sophos Technical Support representative to provide you with the software images for 5.50.8.13.

    :5776
  • 0

    Thanks for the response.

    I ended up opening a ticket with tech support, and it seems what happened is this:

    At the same time that I upgraded the server, I did some clean up, and I renamed the group that I had the fingerprint reader policy attached to.  Apparently, in the renaming process, something with the policy became corrupt, because from that point on, all the logs that I was requested to send to tech support showed the fingerprint policy overriding the default policy that I had, which had the effect of disabling LSH in the POA.  This, despite that all the RSOP reports showed the correct policies being applied.

    I ended up having to delete the old group, recreate it with a new name, and reapply the fingerprint policy to it.  I also had to move the policy up above the default policy in the priorites for the domain.  It's all working fine now.

    "5.50.8.13 which was released November 2nd." - is this something i should still pursue?  What's new/changed?

    :5777
  • 0
    DSchwartzberg wrote:
    "Additionally, now, when I hover over the policy option for turning LSH on in the Management Console, it puts up a help text saying this policy is for standalone clients only."

    DAS: My lab server reads the same when I hover over the same setting in the SGN MC. I have a feeling that was an oversight. Sorry for the confusion.

    I asked about this when I opened the ticket and was told that it is a known issue which has already been reported to development.

    :5778
  • 0
    Visitant wrote:

    Thanks for the response.

    I ended up opening a ticket with tech support, and it seems what happened is this:

    At the same time that I upgraded the server, I did some clean up, and I renamed the group that I had the fingerprint reader policy attached to.  Apparently, in the renaming process, something with the policy became corrupt, because from that point on, all the logs that I was requested to send to tech support showed the fingerprint policy overriding the default policy that I had, which had the effect of disabling LSH in the POA.  This, despite that all the RSOP reports showed the correct policies being applied.

    I ended up having to delete the old group, recreate it with a new name, and reapply the fingerprint policy to it.  I also had to move the policy up above the default policy in the priorities for the domain.  It's all working fine now.

    "5.50.8.13 which was released November 2nd." - is this something i should still pursue?  What's new/changed?


    The Release Notes are found here and if you have trouble accessing that URL you will be able to using your Sophos credentials. In summary, this is what's new:

    • Windows 7 Support for Configuration Protection
    • Fast Initial Encryption
    • Improved Encryption Performance (DE and DX modules)

    As a side note, I haven't been to St Louis in some time, but I'm scheduled to be there December 2nd for a Sophos hosted Anatomy of an Attack event. Check with your Account Manager for location details (because I still don't know) and getting on the guest roster. Hope to see you there!

    :5780
  • 0
    DSchwartzberg wrote:

    As a side note, I haven't been to St Louis in some time, but I'm scheduled to be there December 2nd for a Sophos hosted Anatomy of an Attack event. Check with your Account Manager for location details (because I still don't know) and getting on the guest roster. Hope to see you there!

    What a coinicidence!  I just signed up for this earlier this morning!

    Guess I will see you there!

    :5784
Unfiltered HTML