
AD synchronised groups - some PCs need a different device control policy

Hello,

We have a problem with the policy management in Sophos Enterprise Console. We use SEC 5.1.0.1839.

We have two AD synchronised groups - notebooks and desktop. Now we would like to use the device control policy to block all USB and CD-ROM drives. We applied this policy to the two groups, notebook and desktop.

So far so good.

The problem is, if there is one device which needs a USB or CD-ROM drive, we have no way to realise this with the policies.

We cannot move the device into another group (because of the AD synchronisation) with a different device control policy, and we cannot apply the device control policy to a device.

How can we allow a PC to use the CD-ROM drive or a USB stick?

It would be nice if someone could help me.

Greetings


This thread was automatically locked due to age.
  • Hi Jak,

    I created the AD script as described in your link.

    I created a GPO too and added the AD script. Now I have a test device linked to the GPO with the start script. Sophos was installed correctly, but if I reboot the PC the installation runs again. On every boot the Sophos installation is started, although I created the login script like this:

        @ECHO OFF
        REM --- Check for an existing installation of Sophos AutoUpdate on 32-bit (the 'Sophos AutoUpdate Service' process)
        IF EXIST "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" goto _End
        REM --- Check for an existing installation of Sophos AutoUpdate on 64-bit (the 'Sophos AutoUpdate Service' process)
        IF EXIST "C:\Program Files (x86)\Sophos\AutoUpdate\ALSVC.exe" goto _End
        REM --- Check for an existing installation of Sophos Anti-Virus on 2003/XP (the SAV adapter config file)
        IF EXIST "C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig" goto _End
        REM --- Check for an existing installation of Sophos Anti-Virus on Vista+ (the SAV adapter config file)
        IF EXIST "C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig" goto _End
        REM --- Deploy to Windows 2000/XP/2003/Vista/Windows7/2008/2008-R2
        REM --- USER and PWD are placeholders; the credentials are passed on the command line in plain text
        \\SERVER\SophosUpdate\CIDs\Sxxx\SAVSCFXP\Setup.exe -updp "\\SERVER\SophosUpdate\CIDs\Sxxx\SAVSCFXP" -user USER -pwd PWD -mng yes
        REM --- End of the script
        :_End

    What did I do wrong?
