Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1057 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ESAC 9.7: Completely disable Access to GUI

MPro

Hello,

we are just implementing Sopohs ESAC 9.7 and SEC 4.7.

We have a lot of users that are local admins (yes, they have to be) and i want to keep manipulations to the scanner to a minimum.

Just using the Manipulation Policy is not enough in my oppinion. You can still, for example, remove ".exe" from the

files-to-scan list or play with the firewall settings.

What i want is that there is of course an icon in the taskbar area (saying: stay calm, you are protected), but you can not right-click it and open the sophos gui, or that gui will show nothing but some useless information.

Is that possible?

thanks and best regards,

Marcs

:15115


This thread was automatically locked due to age.
Parents
  • 0

    they are professors at a university

    This disqualifies them (with a few exceptions) :smileywink: - be glad they accept AD

    Another thing: The Sophos Security groups are built when Sophos is installed and are static (see for example here under SavMain.exe). Any local administrator created later will not belong to the SophosAdministrator group (but of course they could add themselves in unless you prevent this).

    Christian

    :15129
Reply
  • 0

    they are professors at a university

    This disqualifies them (with a few exceptions) :smileywink: - be glad they accept AD

    Another thing: The Sophos Security groups are built when Sophos is installed and are static (see for example here under SavMain.exe). Any local administrator created later will not belong to the SophosAdministrator group (but of course they could add themselves in unless you prevent this).

    Christian

    :15129
Children
No Data