Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 10 subscribers
  • Views 7245 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how to tell which sophos central a endpoint is connected to ?

Simon Wilks

sorry thought i asked this yesterday by cant see...

 

I Have many customers with endpoints in their sophos central.

I have a computer with sophos on it, i is the whrong one for that customer so i need to remove it.

I need to find whuck sophos central is is in so i can disable tamper

 

any pointers pls?



This thread was automatically locked due to age.
  • 0

    Hello  ,

    You can disable tamper protection using this method if you cannot locate the device, and then re-install Sophos with an installer downloaded from the correct Sophos Central account.

    Otherwise there is C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\customeridentifier.txt that may help identify which Central account the device is in. The content of the file is not an explicit name, so you will need Support's help in tracking the account name down.

     

    Thanks,

  • 0

    In Central, the URL for a computer takes the form:

    https://central.sophos.com/manage/endpoint/devices/computers/41b17f17-cd53-04a6-bb5c-ada356253ee7

    so:

    https://central.sophos.com/manage/endpoint/devices/computers/

    plus the unique ID for the computer.  This ID for the computer can be found in:
    \ProgramData\Sophos\Management Communications System\Endpoint\Persist\EndpointIdentity.txt

    If you're logged out of Central and visit the URL, for example:
    https://central.sophos.com/manage/endpoint/devices/computers/41b17f17-cd53-04a6-bb5c-ada356253ee7
    you will be asked to log in and then it will redirect you.

    If you choose the right login, you will get the summary of the device, if not you will not.  This might save a little time.

    Otherwise, from either the contentes of CustomerID under: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\AutoUpdate\ or from C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\CustomerIdentifier.txt you can get the customer ID, the machine belongs to.  

    If you're in the Partner Portal, if you open the Dev Tools of the browser, and view the page that has all the accounts, in the API response (XHR) you can find the JSON that has all the customer IDs, this also has the friendly name of the customer if that makes sense.

    Another option might be to add a "marker" that is unique for the customer,  E.g. In global scanning exclusions - https://central.sophos.com/manage/config/settings/scanning-exclusions you could create a simple marker for each account you manage e.g. a Windows Exclusion for "AccountX".  You can then check the client under:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\Scanning\Config\ OnAccessExcludeFilePaths for the value.

    Regards,
    Jak

Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML