
So how does "Protect Computers" actually work?

Hi All,

First post - I have been deploying Sophos in enterprise environments since SAV v4 but have never actually had to ask a question - a testament to the product and the information already available from the community and knowledgebase!

I need to understand how the client push function in EC actually works. As we all know it creates a scheduled task (and from this point it's blindingly obvious how it works), but what I need to know is how exactly it goes about creating this task.

I can see at least two options:

a) It uses the windows "schtasks" utility with appropriate parameters.

b) It accesses the remote filesystem directly through SMB.

I'm pretty sure it's option B, in which case I need to ascertain the exact UNC used - is it using \\YourPC\admin$\Tasks or \\YourPC\C$\Windows\Tasks (or something else?)

Any further info on this would be greatly appreciated.

While this is a request for info, the problem (if anyone is interested) is that I can't push the client to machines with the system installed to a drive other than C:, leading me to believe that the system is hard-coded to push to c$.

Thanks!

Rob

:25903


  • Hi,

    So you have the article: http://www.sophos.com/en-us/support/knowledgebase/12455.aspx which gives you the basic overview.  Mainly linked here for other users finding this thread.

    SEC 5.1 behaves slightly differently to previous versions (should be more reliable, certainly deploying to Vista+) in as far as it uses the newer Task Scheduler interface and also sets the task to run with the "HighestAvailable" "RunLevel".  If you right click on the install task you can export it to XML to study all the options set.

    ITaskScheduler  and ITaskService are the 2 interfaces:
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa383606(v=vs.85).aspx

    Version 2 is used by default for SEC 5.1

    It will therefore be a DCOM call to the remote machine so should not be path specific.

    What version of SEC are you running out of interest?

    Regards,

    Jak

    :25907
  • Hi Jak,

    Thanks for this. Clearly doesn't seem to be what I think it is.

    I'm deploying SEC 5.0; unfortunately SEC 5.1 isn't available to us yet (we have to wait for a third party to release it) but that's another question.

    I'm trying to deploy to a Win7 Ent x64 client with the system installed on D:\. The user account specified to perform the installation is an admin on this workstation and has access to D:\Windows\Tasks (tested) or \\computer\d$\windows\tasks. The local firewall and UAC have already been disabled during testing. I've also used schtasks to schedule a task remotely as the given user. There are no other firewalls or network ACLs in the way of this communication.

    When deploying, essentially nothing obvious happens - the scheduled task never gets created. The console shortly returns the standard error of "it isn't there" (computer may be offline, renamed etc etc).

    Performing a pull installation works 100% and I have multiple clients running fine with correct policies etc etc.

    Any ideas?

    Rob

    :25929
  • Hi,

    If you're using SEC 5.0, does it help to create the following key on the management server:

    Under: 

    HKEY_LOCAL_MACHINE\SOFTWARE[wow6432node]\Sophos\EE\

    Create a new DWORD called:

    EnableTaskScheduler2

    and set it to 1.  I can't remember if you have to restart the management service or if it's checked at each deploy.  I guess it does no harm to restart the service anyway to be sure.

    This is essentially the change in SEC 5.1, however SEC 5.1 also creates the task with the HighestAvailable property set in the task but as you've disabled UAC that may not matter.  To prove it's working you can export the task created on the client to see the differences.

    Hope it helps.

    Regards,

    Jak

    :25953
  • Jak,

    Many thanks - that worked a treat. As you say I can see the "Highest Privileges" box is clearly unticked. Our live environment uses UAC so I need to work out how to get around this (preferably by using SEC 5.1).

    I'll raise another question regarding this as it's somewhat different for my situation!

    Thanks

    Rob

    :25991
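
Added example, not part of the original thread and not Sophos code: a way to compare two exported task definitions, as suggested in the replies above, by reading the `RunLevel` and principal settings from the Task Scheduler 2.0 XML. The two sample exports, the account name and the command path are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler 2.0 task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample export; account and command are placeholders.
_TEMPLATE = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals>
    <Principal id="Author">
      <UserId>EXAMPLE\deploy-admin</UserId>
      <LogonType>Password</LogonType>RUNLEVEL
    </Principal>
  </Principals>
  <Actions Context="Author">
    <Exec><Command>C:\placeholder\setup.exe</Command></Exec>
  </Actions>
</Task>"""
TASK_NO_RUNLEVEL = _TEMPLATE.replace("RUNLEVEL", "")
TASK_HIGHEST = _TEMPLATE.replace(
    "RUNLEVEL", "<RunLevel>HighestAvailable</RunLevel>")


def summarize_task(xml_text):
    """Extract the security-relevant settings from an exported task."""
    root = ET.fromstring(xml_text)
    principals = []
    for p in root.findall("t:Principals/t:Principal", NS):
        principals.append({
            "user": p.findtext("t:UserId", namespaces=NS),
            "logon_type": p.findtext("t:LogonType", namespaces=NS),
            # An absent RunLevel element means the task runs at LeastPrivilege.
            "run_level": p.findtext("t:RunLevel", "LeastPrivilege", NS),
        })
    commands = [c.text for c in root.findall("t:Actions/t:Exec/t:Command", NS)]
    return {"schema_version": root.get("version"),
            "principals": principals, "commands": commands}


def runs_elevated(xml_text):
    """True if any principal requests the HighestAvailable run level."""
    return any(p["run_level"] == "HighestAvailable"
               for p in summarize_task(xml_text)["principals"])


def diff_tasks(xml_a, xml_b):
    """Return only the summary fields that differ, as (a, b) pairs."""
    a, b = summarize_task(xml_a), summarize_task(xml_b)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}
```

For a real export saved from the Task Scheduler console, read the file with `ET.parse(path).getroot()` instead of `ET.fromstring`, so the encoding declared in the file is honoured.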