Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 4042 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Client protection with local Windows Policies Enabled

uiltgilgiluhgjo

Hey

I Configured a Server (Workgroup Enviroment) with sophos Enterprise Console 5 which works on clients with no local windows policies enabled all clients get there updates and sophos works very well.

Now i got another network with the same configuration only now all this clients have Windows security policies enabled.

Now when i try to push sophos to this Client i get the 3051 error which means the Server cannot create the SophosSAU<computername> or the password(policy) account for some reason.

Things i done to solve this problem:\

- Put policies off > Result is that everything works but i want policies enabled so this is not a solution for me.

The fault is that  the clients policy ask for a complex password  like 7 characters and a number for example

which causes Enterprise Console to give the 3051 error

My question is:

- Is there a possibilty to let the server (Enterprise Console) make a  local SophosSAU<computername> account  on the client with a complex password? and how to do that? or a workaround for this?

Greets Ronnie

EDIT:

i found this topic:

http://www.sophos.com/support/knowledgebase/article/48910.html

My question is is this for server side or client side? and anything to configure after?

:22283


This thread was automatically locked due to age.
Parents
  • 0

    Ok as promised here is my script i use for pre configuring clients when password policies enabled:

    echo off
REM
REM=====Make Local Account on Client======
REM
net user SophosSAU%COMPUTERNAME%0 <Enter Password here> /add /comment:"Account for updating Sophos" /passwordchg:NO
wmic useraccount where "name='SophosSAU%COMPUTERNAME%0'" set passwordexpires=FALSE
net localgroup "Users" SophosSAU%COMPUTERNAME%0 /ADD
REM
REM
REM======Add Username Regedit=====
REM
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service /v "Download User" /t REG_SZ /d SophosSAU%Computername%0 /f
REM
REM======Add Password Regedit=====
REM
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service /v "Download Password" /t REG_SZ /d <Enter Password here> /f
REM
REM======Add Obfuscated==
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service /v "ObfuscatedPassword" /t REG_DWORD /d 00000000 /f
REM
REM======Add Userpreset==
REM
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service /v "UserPreset" /t REG_DWORD /d 00000001 /f
pause
exit
    :22391
Reply
  • 0

    Ok as promised here is my script i use for pre configuring clients when password policies enabled:

    echo off
REM
REM=====Make Local Account on Client======
REM
net user SophosSAU%COMPUTERNAME%0 <Enter Password here> /add /comment:"Account for updating Sophos" /passwordchg:NO
wmic useraccount where "name='SophosSAU%COMPUTERNAME%0'" set passwordexpires=FALSE
net localgroup "Users" SophosSAU%COMPUTERNAME%0 /ADD
REM
REM
REM======Add Username Regedit=====
REM
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service /v "Download User" /t REG_SZ /d SophosSAU%Computername%0 /f
REM
REM======Add Password Regedit=====
REM
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service /v "Download Password" /t REG_SZ /d <Enter Password here> /f
REM
REM======Add Obfuscated==
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service /v "ObfuscatedPassword" /t REG_DWORD /d 00000000 /f
REM
REM======Add Userpreset==
REM
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service /v "UserPreset" /t REG_DWORD /d 00000001 /f
pause
exit
    :22391
Children
No Data