Sophos Server Protection AD & Non-AD Clients handling issue

Hello everybody,

SEC was installed and the Sophos Server Protection license was entered; at that time Active Directory was not present. Currently AD is created and clients are being pushed into that AD one by one. The SEC server is also pushed into AD.

Now can it be done in a way where -

* Can the SEC server detect and handle both kinds of clients (AD/Non-AD)? If yes, then how is that possible?

* And if a Non-AD client is pushed to AD, will the SEC server recognize that client, or does some customization have to be done for that?

Need urgent and perfect help on it.

Thanks in advance



  • Hello Riyad,

    SEC is not AD integrated, meaning it does not exhibit special behaviour w.r.t. AD.
    Discover in its different flavours is a manual action; in addition, SEC can automatically import certain information (OUs, their structure, and contained Computer objects with their OS) from Active Directories. Optionally SEC can be instructed to attempt (only one try) to Protect newly detected computers. If SEC detects that a computer is no longer under a sync'ed OU, the computer is moved to the Unassigned group in the console. That's the whole scope of automation.

    Christian

  • Hello,

    Thank you for your reply over here.

    SEC (Server Protection) is now in operation and it's now a member of AD. Not all servers are in AD yet; a few are included and the others will be included in AD.

    The problem is, if anyone wants to add all those servers (AD and Non-AD) into SEC, which is inside AD, then -

    The demands are -

    * The SEC will discover both kinds of servers (AD and Non-AD) and can add them easily

    * The SEC will have the power to recognize and make those servers which will shift their position from Non-AD to AD!

    Are those possible if an integration could be made between the SEC server and the AD?

  • Hello Riyad,

    I think there is some misconception regarding SEC and "detection" of endpoints.
    While SEC can find, discover, import, whatever, ... computers by various means, when it comes to actually managing them there's only one way to do it: the software (from the CID - directly or a copy) must be installed on the endpoint and the endpoint has to contact the server and register. It doesn't matter where (on which network) the endpoint is and whether it's already known to the server or not.
    Consequently, whether an endpoint joins or leaves a domain, or moves to another one, doesn't matter as long as it can communicate with the server. Depending on the circumstances it might appear as a new computer (in which case the "old" computer object will remain as a managed but disconnected computer), but it doesn't require any discovery from the SEC side.

    Christian
