
Insufficient privileges

Hi,

I'm running Sophos 9 standalone.

I started getting this, irrespective of the user account on this machine:

"You do not have sufficient privileges to run the Sophos Anti-Virus main application.
You are not a member of one of the Sophos groups. In order to be able to launch this application, you must be a member of SophosAdministrator, SophosPowerUser or SophosUser group. Please contact the Administrator."

I've looked at the relevant knowledge base article, but there seems to be nothing obvious I can do to fix this. I can't assign users to the Sophos groups on a standalone, can I?

I'm a bit concerned that this may be associated with an install of Chrome today, which won't run anymore.  Windows security center doesn't think that Sophos is running anymore, but the system tray icon is present, and seems to show update action.

I have downloaded and re-installed Sophos, but with the same result.

Any idea what is going on?  Sorry if I'm doing something daft here!

Nick

:2159


  • In that case ensuring that the SID values in the machine.xml file match up with the SID values of the local Sophos groups is all I can think of. 

    To do so, in the file:

    "%allusersprofile%\Sophos\Sophos Anti-Virus\config\machine.xml"

    if you open it in Notepad/IE you will see something like:

                    <roles>
                        <role name="SophosAdministrator"><SID>S-1-5-21-2890488368-3851612205-1539888699-1005</SID></role>
                        <role name="SophosPowerUser"><SID>S-1-5-21-2890488368-3851612205-1539888699-1004</SID></role>
                        <role name="SophosUser"><SID>S-1-5-21-2890488368-3851612205-1539888699-1003</SID></role>
                    </roles>

    where the SID values above will be the SID values of your local Sophos groups as checked using the techniques mentioned in the previous posts.  If there is a difference you should be able to stop the Sophos AntiVirus Service, replace the SID values with the correct values, save the file and restart the service.  You should then be able to launch the interface of Sophos.

    If the SID matching is fruitless I would suggest getting in touch with Support, unless anyone else can think of anything to try, mentioning this forum post to save going over the same tests?

    You may like to run a copy of the Sophos Log gathering tools:

    http://www.sophos.com/support/knowledgebase/article/33556.html

    And attach the sdu file to the request to speed things up. 

    Thanks and good luck.

    JAK

    :2247
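
A read-only way to do the comparison described in the post above, as an added example that is not part of the original thread or of Sophos's own tooling: it reads the role SIDs from machine.xml and resolves the three group names to their current SIDs. The path and role names are the ones quoted in the post; the parameter and function names are hypothetical, and it assumes the groups resolve by unqualified name.

```powershell
# Added example: reports mismatches only, changes nothing on disk.
param(
    # Default path as quoted in the post; point it at a copy of the file to test offline.
    [string]$MachineXml = (Join-Path $env:ALLUSERSPROFILE 'Sophos\Sophos Anti-Virus\config\machine.xml')
)

# Role names as they appear in the <roles> section shown in the post.
$roles = 'SophosAdministrator', 'SophosPowerUser', 'SophosUser'

function Get-GroupSid([string]$Name) {
    # Resolve a group name to its current SID string.
    # Unqualified names are looked up on the local machine first.
    # Returns $null when no such group exists.
    try {
        $account = New-Object System.Security.Principal.NTAccount($Name)
        $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $null
    }
}

$doc = New-Object System.Xml.XmlDocument
$doc.Load($MachineXml)

$report = foreach ($role in $roles) {
    # local-name() keeps the query working whether or not the file declares a namespace.
    $xpath = "//*[local-name()='role'][@name='$role']/*[local-name()='SID']"
    $node = $doc.SelectSingleNode($xpath)
    $inFile = if ($node) { $node.InnerText.Trim() } else { $null }
    $actual = Get-GroupSid $role

    New-Object psobject -Property @{
        Role       = $role
        SidInFile  = $inFile
        SidOfGroup = $actual
        # A missing role entry or a missing group counts as a mismatch.
        Match      = ($inFile -and $actual -and ($inFile -eq $actual))
    }
}

$report | Format-Table Role, SidInFile, SidOfGroup, Match -AutoSize

# Non-zero exit code so an imaging or deployment script can flag the machine.
if ($report | Where-Object { -not $_.Match }) { exit 1 }
```

A row with `Match` false after cloning or imaging is the condition the later replies in this thread describe.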
  • I cloned a VMware vSphere template today that had Sophos Endpoint security on it, and had an issue where the SIDs of the Sophos groups changed. I couldn't open the management app on the VM and the profile would not update. The above fix of editing the machine.xml file worked for me. Thank you!

    :6385
  • Hi,

    We also have this problem: after a PC got a Ghost image, users have no privileges to run the Sophos application.

    I had a look in C:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml.

    PsGetsid.exe gives different numbers on the 3 user groups.

    When I update the XML file with these numbers and reboot the workstation, the original values are stored in the XML file!

    Do you have a solution for this problem (other than installation after Ghost)?

    (We make use of Windows 7 and a new Ghost Walker, with XP and the previous Ghost Walker there was no problem.)

    :12545
  • Hello Wouter,

    before updating you should stop the SAV service as outlined here.

    There's an article suggesting to remove all components except AutoUpdate before the imaging process.

    HTH

    Christian

    :12547
  • Hi Christian,

    Thanks for your help.

    I will read it, this will be the official way.

    We use the standalone version and update via internal website.

    In the meantime I found an old method for use after loading an image:

    del "C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\cidsync.upd"

    MsiExec.exe /i "C:\ProgramData\Sophos\AutoUpdate\Cache\savxp\Sophos Anti-Virus.msi" REINSTALL=ALL REINSTALLMODE=voums UPDATEDRIVERS=0 /l*v %temp%\msi.log /qb

    But your method will be better....

    Regards,

    Wouter

    :12553
  • If you open Task Manager and stop all SAV services you should not have any issues uninstalling the Sophos product if you are a part of the correct groups. I've seen this a few times on domain controllers and the standalone product.

    :42882