Sophos Endpoint Security and Control with NAC

No one one with this problem...couldn't believe...

Helly sandy,

i tried to evaluate this over a support ticket. But after the 5th round of "please send us more reports" i broke up, because whe have a very big campus here and i haven't the time to spend evry day 2 hours with running around a collect logs. So i take this way, in hope other people have the same problems.

Gorek

Hello Gorek,

can't help you neither with the issue nor with support (sometimes a little bit insistence is needed) but running around and collect logs caught my eye. Are these logs collected with SDU? If you can Protect computers you can also run SDU remotely - and if you can set up a writable share which the clients can access they'll "collect them themselves".

Christian

Hello Christian,

Okay can you give me a workaround to setup SDU remotly? If this is possible i can take another round with the support.

Gorek

Hello Gorek,

based on How to: Run the Sophos Diagnostic Utility (SDU) on a remote computer I've created a writable share (SDU) on the server for the SDU files and a subdirectory SDUOutput (NTFS permits write). Scheduling the task is wrapped in a small .bat file:

@echo off
Rem run SDU remotely
IF "%1" EQU "" GOTO notarget
IF NOT EXIST \\server\SDU\SDUOutput\%1 mkdir \\server\SDU\SDUOutput\%1
schtasks /create /s %1 /ru adminUser /rp * /sc once /st 23:59:59 /tn "Sophos Diagnose" /tr "\\server\SDU\sducli.exe -logdir=\\server\SDU\SDUOutput\%1\"
schtasks /run /s %1 /tn "Sophos Diagnose"
Exit /b 0
:notarget
Echo No Client specified
Exit /b 1

Each client creates its own subdirectory as the -logdir for SDU is also the working directory.

Christian