Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 3688 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD synchronised groups - some pcs need a different device control policy

ropi

Hello,

we have a problem with the policy management in sophos enterprise console. We use the SEC 5.1.0.1839

We have two AD synchronised groups - notebooks and desktop. Now we would like to use the device control policy to block all usb and cd rom drives. We set this policy to the two groups notebook and desktop.

So far so good.

The problem is, if there is one device which needs a usb or cd-rom drive we have no chance to realise this with the policies.

We can not move the device in a other group (because the AD synchronisation) with a different device control policy and we can not apply the device control policy to a device.

How can we allow a pc to use the cd-rom drive or a usb stick?

It would be nice if someone can help me.

Greeting

:37491


This thread was automatically locked due to age.
Parents
  • 0

    Hi Jak,

    i think i found the problem. My script is looking for "C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig" but the file SAVAdapterConfig is missing on my test device so the installation is running on every boot.

    i installed sohpos manually and the files are created during the installation but removed after a successful update.

    Can i only check for the autoupdate service like in your simplified test script? The ALsvc.exe file exists on my test device.

    EDIT: i used your sript and there is no echo that it needs a install. I tested it with my script and there is no echo too if i modfiy it with the echo command. But if i restart the pc the installation begins again :(

    EDIT2: Problem solved - the problem was the german XP. The path in the script with C:\Program Files could not be resolved. i changed it to %programfiles% and now its working fine.

    :37613
Reply
  • 0

    Hi Jak,

    i think i found the problem. My script is looking for "C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig" but the file SAVAdapterConfig is missing on my test device so the installation is running on every boot.

    i installed sohpos manually and the files are created during the installation but removed after a successful update.

    Can i only check for the autoupdate service like in your simplified test script? The ALsvc.exe file exists on my test device.

    EDIT: i used your sript and there is no echo that it needs a install. I tested it with my script and there is no echo too if i modfiy it with the echo command. But if i restart the pc the installation begins again :(

    EDIT2: Problem solved - the problem was the german XP. The path in the script with C:\Program Files could not be resolved. i changed it to %programfiles% and now its working fine.

    :37613
Children
No Data