Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 22080 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Endpoint users can change settings

Ross86

Hi All,

Recently setup Enterprise console and configured policies for each category.

However most of the users are able to open the Endpoint and change their firewall settings,  strangely I installed the Endpoint on another laptop and configure firewall is greyed out...however it's in the same policies as the other PCs/Laptops.

I also have tamper protection enabled on all policies.

Any idea how to make it so users cannot change any settings?

Thanks

Ross

:54253


This thread was automatically locked due to age.
Parents
  • 0

    Hello Ross,

    how it happened in the first place

    Understanding Windows and Sophos Groups briefly explains the groups and how they are populated. Thus either Everyone was a member of the Administrators group at install time or someone/something added the account to the SophosAdministrator group later. Please note that the members of the named Windows groups are added to the Sophos groups and these are not modified after install (thus adding an account to the Administrators groups after the Sophos installation does not give it SophosAdministrator rights).

    Strange though if every setting is greyed - an account must be at least a member of the SophosUser group to open the GUI. For SophosUser accounts the firewall configuration shows the General and the Checksums tabs, under the former the Configure ... button for the Primary Location is active and takes you to a window with the tabs Global Rules, Applications and Processes. That's, I think, how it should look like ...

    Christian

    :54369
Reply
  • 0

    Hello Ross,

    how it happened in the first place

    Understanding Windows and Sophos Groups briefly explains the groups and how they are populated. Thus either Everyone was a member of the Administrators group at install time or someone/something added the account to the SophosAdministrator group later. Please note that the members of the named Windows groups are added to the Sophos groups and these are not modified after install (thus adding an account to the Administrators groups after the Sophos installation does not give it SophosAdministrator rights).

    Strange though if every setting is greyed - an account must be at least a member of the SophosUser group to open the GUI. For SophosUser accounts the firewall configuration shows the General and the Checksums tabs, under the former the Configure ... button for the Primary Location is active and takes you to a window with the tabs Global Rules, Applications and Processes. That's, I think, how it should look like ...

    Christian

    :54369
Children
No Data