Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 974 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Weirdness on management console

RobertL

Ref: Sophos Endpoint Security and Control, version 9.5

I'm helping out a small company with some issues, and I wanted to exclude a backup device from being scanned.  Whoever installed this software on this Windows 2003 R2 server managed to create, in Active Directory,  "SophosAdministrator" as a user and not as a group.

I detected this because the console shows most of the option grayed out. 

So, I renamed the user to "Sophos_Administrator" and then created the group "SophosAdministrator", and then put the server local admin into the group.  Then I rebooted the server, logged in as the local admin, but everything is still grayed out. 

I have no idea what to do now.  Any suggestions?  Thanks!

:8617


This thread was automatically locked due to age.
Parents
  • 0

    So it's the SAV GUI we are talking about. The last item in the Help and information box is View product information. Under General you have a line with Current user rights - the value should be Sophos Administrator but from your description I guess it is not. BTW: Is this a DC or a member server?

    Open machine.xml in %ALLUSERSPROFILE%\Sophos\Sophos Anti-Virus\config\. You'll see something like:

    <security>
           <roles>
                <role name="SophosAdministrator"><SID>S-1-5-21-1234567890-1234567890-123456789-1111</SID></role>
                <role name="SophosPowerUser"><SID>S-1-5-21-1234567890-1234567890-123456789-1112</SID></role>
                <role name="SophosUser"><SID>S-1-5-21-1234567890-1234567890-123456789-1113</SID></role>
           </roles>

    There might be more than one <SID></SID> value. Use PsGetSid from the Sysinternals PsTools suite to verify that they map to the correct groups. You can use PsGetSid to obtain the correct values and replace them in machine.xml.

    HTH

    Christian

    :8677
Reply
  • 0

    So it's the SAV GUI we are talking about. The last item in the Help and information box is View product information. Under General you have a line with Current user rights - the value should be Sophos Administrator but from your description I guess it is not. BTW: Is this a DC or a member server?

    Open machine.xml in %ALLUSERSPROFILE%\Sophos\Sophos Anti-Virus\config\. You'll see something like:

    <security>
           <roles>
                <role name="SophosAdministrator"><SID>S-1-5-21-1234567890-1234567890-123456789-1111</SID></role>
                <role name="SophosPowerUser"><SID>S-1-5-21-1234567890-1234567890-123456789-1112</SID></role>
                <role name="SophosUser"><SID>S-1-5-21-1234567890-1234567890-123456789-1113</SID></role>
           </roles>

    There might be more than one <SID></SID> value. Use PsGetSid from the Sysinternals PsTools suite to verify that they map to the correct groups. You can use PsGetSid to obtain the correct values and replace them in machine.xml.

    HTH

    Christian

    :8677
Children
No Data