Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 12246 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos requires admin rights to open Endpoint Protection

jackandrew1995

Hello,

Currently on a trial of Sophos Enterprise Console and Endpoint Protection, I have sucessfully deployed Sophos in a domain environment to some machines from the Enterprise Console and it has scanned and polcies have applied.

But when I attempt to click on the Sophos tray icon it wont open without me entering Admin credentials? Other places where I have seen Sophos inplace does not require this and a normal end user can open the application.

I have searched for this issue but cant see anyone else who is having this issue, can anyone help?

Thank you

Jack

:55388


This thread was automatically locked due to age.
  • 0

    Hello Jack,

    when I [a normal end user] attempt...

    is this I a standard user or an administrator? SavMain's manifest specifies an execution level of highestAvailable (as opposed to requireAdministrator) so a standard user shouldn't get a prompt. The behaviour of the prompt (confirmation/consent or credentials) depends on the UAC settings (Local Security Policy -> Local Policies -> Security Options).

    Christian

    :55399
  • 0

    Hello, 

    When I say I, I meant a standard user yes as I dont have admin rights on my standard log in... sorry for not making that clear :)

    When you say it depends on the UAC settings, what do you mean? Everyone has UAC set on with the security level at Default.

    Sorry about this, I'm kinda new to Sophos deployment. Worked with Sophos before, but never deployed it.

    Thank you

    :55403
  • 0

    Hello Jack,

    UAC settings

    only apply to admin accounts in this case. As said, SavMain.exe specifies an execution level of  highestavailable and thus a standard user should not get a UAC prompt. If an administrator starts SavMain then the UAC settings come into play, specifically User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode.

    Anyway, this is not related to deployment (the manifest is contained in the executable). I'd suspect some GPO (please see Prompted for credentials when running Sophos client on workstation).

    Christian

    :55409