Endpoint users can change settings

Hi All,

Recently set up Enterprise Console and configured policies for each category.

However, most of the users are able to open the Endpoint and change their firewall settings. Strangely, I installed the Endpoint on another laptop and Configure firewall is greyed out... however, it's in the same policies as the other PCs/laptops.

I also have tamper protection enabled on all policies.

Any idea how to make it so users cannot change any settings?

Thanks

Ross

  • Hello Ross,

    Some firewall settings are available to non-SophosAdministrators alike. TP applies only to Administrators/SophosAdministrators but anyway does not cover SCF. Guess if it's unavailable then it's either because the user doesn't belong to any Sophos group or there is some error. I'm not aware of a simple method to completely lock down the SCF settings.

    Christian

  • Ok thanks Christian, I'll have a look at the one that didn't let me change settings. It's odd it lets normal users turn off or allow all traffic on the firewall. I may raise a support ticket.
  • Hi Ross,

    Having the same issue, did you get this resolved?

    Thanks

  • Hi LTF,

    Yes and no... I know why, just not why it has happened on some and not others. If you go into Local Users and Groups on the PCs, there is a SophosAdministrator group; in here I had /everyone as well as domain admins. I removed it and now users cannot change any setting.

    Now I don't know where it gets this group from and how Everyone was in there. If I find out I'll report back.

    Cheers

    Ross

  • Hello Ross,

    The Allow all traffic option should not be available to normal users. But it seems that almost everything else is configurable and that enables them in effect to bypass the firewall. That SCF's version has been bumped to 3.0 (and the low-level architecture has been attuned to Windows 8) might indicate that it's not dead; OTOH there was nothing new (let alone exciting) in 3.0 and ever since its inception (or acquisition) it's been a Cinderella.

    Christian

  • Hi Christian,

    Now I've removed the Everyone group from the Sophos admins group on the local machine, the user cannot change any firewall setting; it's greyed out, which is good. Not sure how it happened in the first place though.
  • Hello Ross,

    "how it happened in the first place"

    Understanding Windows and Sophos Groups briefly explains the groups and how they are populated. Thus either Everyone was a member of the Administrators group at install time or someone/something added the account to the SophosAdministrator group later. Please note that the members of the named Windows groups are added to the Sophos groups and these are not modified after install (thus adding an account to the Administrators group after the Sophos installation does not give it SophosAdministrator rights).

    Strange though if every setting is greyed: an account must be at least a member of the SophosUser group to open the GUI. For SophosUser accounts the firewall configuration shows the General and the Checksums tabs; under the former the Configure ... button for the Primary Location is active and takes you to a window with the tabs Global Rules, Applications and Processes. That's, I think, how it should look ...

    Christian

  • Thanks Christian, deploying since has been fine...it was probably in the local admins at one point.

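
Added example, not part of the original thread and not Sophos tooling: a PowerShell audit for the misconfiguration found above, flagging Everyone or another catch-all principal in the local SophosAdministrator group. The catch-all SIDs other than Everyone and the function names are assumptions made for this example.

```powershell
# Added example: audit the local Sophos admin group for over-broad members.
# Uses the Microsoft.PowerShell.LocalAccounts cmdlets (Windows PowerShell 5.1).

# Group name as given in the thread.
$GroupName = 'SophosAdministrator'

# Well-known SIDs that effectively mean "every user" (assumed watch list).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Test-BroadPrincipal {
    param([string]$Sid)
    if ($BroadSids.ContainsKey($Sid)) { return $BroadSids[$Sid] }
    # Domain Users has a domain-specific SID that ends in RID 513.
    if ($Sid -match '^S-1-5-21-\d+-\d+-\d+-513$') { return 'Domain Users (RID 513)' }
    return $null
}

function Get-BroadGroupMember {
    param([string]$Group = $GroupName)
    if (-not (Get-LocalGroup -Name $Group -ErrorAction SilentlyContinue)) {
        Write-Warning "Local group '$Group' not found on $env:COMPUTERNAME"
        return
    }
    try {
        $members = Get-LocalGroupMember -Name $Group -ErrorAction Stop
    } catch {
        # Enumeration can fail when the group contains orphaned SIDs.
        Write-Warning "Could not enumerate '$Group': $($_.Exception.Message)"
        return
    }
    foreach ($m in $members) {
        $why = Test-BroadPrincipal -Sid $m.SID.Value
        if ($why) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Group    = $Group
                Member   = $m.Name
                Sid      = $m.SID.Value
                Reason   = $why
            }
        }
    }
}

Get-BroadGroupMember | Format-Table -AutoSize
```

No output means no catch-all principal is a direct member; anything listed can be removed with `Remove-LocalGroupMember` once you have confirmed it is not intended.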