
So how does "Protect Computers" actually work?

Hi All,

First post - I have been deploying Sophos in enterprise environments since SAV v4 but have never actually had to ask a question - a testament to the product and the information already available from the community and knowledgebase!

I need to understand how the client push function in EC actually works. As we all know, it creates a scheduled task (and from this point it's blindingly obvious how it works), but what I need to know is how exactly it goes about creating this task.

I can see at least two options:

a) It uses the Windows "schtasks" utility with appropriate parameters.

b) It accesses the remote filesystem directly through SMB.

I'm pretty sure it's option B, in which case I need to ascertain the exact UNC used - is it using \\YourPC\admin$\Tasks or \\YourPC\C$\Windows\Tasks (or something else?)

Any further info on this would be greatly appreciated.

While this is a request for info, the problem (if anyone is interested) is that I can't push the client to machines with the system installed to a drive other than C:, leading me to believe that the system is hard-coded to push to c$.

Thanks!

Rob



This thread was automatically locked due to age.
  • Hi Jak,

    Thanks for this. Clearly doesn't seem to be what I think it is.

    I'm deploying SEC 5.0; unfortunately SEC 5.1 isn't available to us yet (we have to wait for a third party to release it) but that's another question.

    I'm trying to deploy to a Win7 Ent x64 client with the system installed on D:\. The user account specified to perform the installation is an admin on this workstation and has access to D:\Windows\Tasks (tested) or \\computer\d$\windows\tasks. The local firewall and UAC have already been disabled during testing. I've also used schtasks to schedule a task remotely as the given user. There are no other firewalls or network ACLs in the way of this communication.

    When deploying, essentially nothing obvious happens - the scheduled task never gets created. The console shortly returns the standard error of "it isn't there" (computer may be offline, renamed etc etc).

    Performing a pull installation works 100% and I have multiple clients running fine with correct policies etc etc.

    Any ideas?

    Rob
