Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 19273 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using Sophos Enterprise to monitor End point user account

silentjess

Hi All,

I was asked about the possibility of Sophos to manage/monitor the End point local account creation.

For example, a staff creates a local user on PC1 and sophos is able to track that such an action was done OR to prompt that this user account creation request has been blocked or disallowed.

Sophos will create a local account called SophosSAUComputerName during installation on end point but would sophos also be aware of other local accounts being created?

Is it even possible?

I've tried to google similar when i was asked about this but i don't think this is part of Sophos functionality?

Could anyone verify?

Appreciate it!

:56023


This thread was automatically locked due to age.
Parents
  • 0

    Hello silentjess,

    Sophos does not monitor or control account creation/modification or Windows configuration in general.

    Many configuration options are limited to administrators anyway and you can further restrict them with security policies. Account related events are recorded in the Security Event log. Of course, local administrators being what they are can, in a non-domain environment, override settings you've made and thus for example disable auditing.

    What's the problem with local admins creating additional accounts? In what way is this right "abused"?

    Christian   

    :56030
Reply
  • 0

    Hello silentjess,

    Sophos does not monitor or control account creation/modification or Windows configuration in general.

    Many configuration options are limited to administrators anyway and you can further restrict them with security policies. Account related events are recorded in the Security Event log. Of course, local administrators being what they are can, in a non-domain environment, override settings you've made and thus for example disable auditing.

    What's the problem with local admins creating additional accounts? In what way is this right "abused"?

    Christian   

    :56030
Children
No Data