Automated assigning of clients to different groups based on a list in a text file?

Hi,

Have you tried constructing from these third-party text files, the files that can be imported into SEC?

The SEC help has details on the format of the file to import from text (file:///C:/Program%20Files/Sophos/Enterprise%20Console/Help/Eng/tasks/find_05_import.html), you don't need to worry about the OS and Domain name, that will be reported back once the client is managed.

Once the records are imported into SEC groups you can remove the original entries from unnassigned, as the clients are protected they should match up with the values in the SEC groups.

Regards,

Jak

Thank you!

I tested it with one group and a strange thing happened. There is 193 computers in that group, but only 50 appears in the SEC in the group. The text file looks like:

[GroupName]

machine1

...

machine193

I don't know why all 193 computers appear in the "GroupName"...

EDIT:

OK, I deleted all computers from "Unassigned" group and now it's okay! Thanks again!

I have one more question regarding this topic: I started to protect the computers in a group, but some of them appear in a different group after the protection is installed. Why could this happen?

Hello newco,

an arbitrary group? Or did you at some point delete (still unprotected) computers and reimport them to different groups?

Christian

Hello Christian,

First I discovered all computers on the network, but then I used the text files to import the computers to different groups. Then I deleted all discovered computers from the Unassigned group.

Now some of the protected computers show up in the Unassigned group, but I already found computers that somehow changed their group to another.

newco

Hello newco,

I haven't looked into the "client re-recognizing" logic lately. Some explanation - when a computer is discovered or imported a computer entry is created and the available attributes (name, OS, IP, workgroup/domain) are set. If you delete a computer it's entry is not deleted from the database but just set to "invisible" but it's attributes are not cleared. 

When the computer is protected and reports it's actual attributes, SEC tries to find a matching entry to use. If it finds one it unhides it, setting new attributes and using existing ones (including group membership) - if not, it creates a new entry. Similar logic applies if you (re-)discover or (re-import). This means that in case of conflicting or discerning (whatever the logic sees a s conflicting - OS for example) attributes two entries with the same name will exist. I think (as I said, I have not inspected the logic) that in some cases the "hidden" entry might be considered the (better) match resulting in the visibility to be switched - thus the client ends up in the group the formerly hidden entry belongs to. This would explain the Unassigned group.

Hmm ... I'd just stop the Message Router service (so that protected clients can't report in), delete all computers except the management server from the database, import again from the text file and start the Message Router. Note that this is unsupported fiddling with the database if you do it without being asked to do so by Support :smileywink: though

Christian

Thank you for the explanation, Christian!