hi there
I'm just in the process of looking to make some of updates we do a bit more automated. One of these is resetting access passwords for our SUM Warehouse for some groups.
The problem being we can reset our public SUMs quite easily, all apache setups authenticating against a db, so the hunt is on to make it easy across the board.
Wanting to make the policy update as easy I opened up the SEC (4.7) database and found the updating policies, all nicely stored in XML. The file looks like this;
<policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="com.sophos\mansys\policy" type="UpdatingPolicy"> <updatingPolicy xmlns="http://www.sophos.com/xml/msys/updatingpolicy.xsd"> <subscription identityTag="7738F803-5CFF-4322-AB4E-0E62E080115E" /> <updateLocation bandwidth="0" macProtocol="smb"> <sourceSite searchOrder="1" id="7f1234eb-63d4-465d-9f25-565821fdcb2d"> <unc xmlns="http://www.sophos.com/msys/sddm/common.xsd" uri="\\SEC-PRIMARY\SophosUpdate" user="SEC-PRIMARY\SophosUpdateMgr" password="BEGIN_SECURE_TICKET_e3bbd4b8602843fb94bedf206db60093_END_SECURE_TICKET" /> </sourceSite> </updateLocation> <updateLocation bandwidth="0" macProtocol="smb"> <sourceSite searchOrder="2" id="8a811aff-e11b-4a7e-aa53-bf833ea68b6d"> <http xmlns="http://www.sophos.com/msys/sddm/common.xsd" uri="http://sophos.mybiz.net/sum" password="BEGIN_SECURE_TICKET_b88fceecbb0f4b5e9e727055a0d3030a_END_SECURE_TICKET" user="melts" /> </sourceSite> </updateLocation> <logging enabled="true" maxSize="1" logLevel="Normal" numDaysToKeep="5" /> <schedule autoUpdate="true" updateFrequency="10" useDialUp="false" /> <bootstrap usePrimary="true" alternativePath="" /> <intelligentUpdating enabled="true" /> </updatingPolicy> </policy>
Now I don't know if its possible to work with these files, but I figure I could generate my own and insert them back into the SEC db at the same time as the reset happens on the SUM Warehouse. Of course the password seems to be something unhelpful, looks like md5 between the BEGIN_SECURE_TICKET_ ... _END_SECURE_TICKET but it would be hard to reproduce the password back out of that to send to the SUM so I assume its something properiety. its clearly different to the obfuscationUtil so it looks like I can't generate the password field. If thats the case I just won't have that part of the process optimised, its not a big deal, it would just be handy to be able to reset it (and add new policies and groups and and, the list goes on)
This thread was automatically locked due to age.
