
Deployment

Hi,

We have Sophos Complete Security Suite which I am currently testing and exploring. I currently have various questions relating to deploying the Anti-virus and Encryption software to the clients. We have a Windows Active Directory domain.

Installation of "security software" automatically using synchronization in the Enterprise Console appears to work for the most part (see second issue below); however, there are a couple of issues that I'm hoping someone may be able to help with.

The "security software" in the Synchronization properties does not include Encryption Software. As far as I can see there is no way to automatically deploy this. Have I missed something? Has anyone figured out a way to do this? Obviously automatic installation is the best way to ensure full coverage and is quite important.

Also, it seems that if I re-add a computer to the domain with the same name (after a reinstallation of Windows) the security software does not automatically install. Is this the correct behaviour? Is there a way to resolve this?

Many thanks.



This thread was automatically locked due to age.
  • Hello Steve.

    Encryption first. Sounds like you are referring to the SEC-integrated SDE/FDE version 5.61, aren't you? Please note that it - AFAIK - won't be developed further. It doesn't support Windows 8 (or newer versions). Install and initial setup are ill-suited for automatic deployment. For one thing SDE needs the endpoint software to be installed and SEC would have to track the install and only if successful deploy Encryption - which could be at an inappropriate moment.

    after a reinstallation of Windows the security software does not automatically install

    SEC can't detect a reinstall - it "detects" an endpoint when that contacts the management server. It can't discern a switched-off endpoint and one w/o the software. Furthermore - even if the endpoint contacts SEC but reports an installation error, the attempt fails early, or the attempt times out, the deployment isn't re-tried. Automatic deployment takes place when a new computer object is detected - as long as the computer stays in the sync'ed OU it won't be new. You could remove it from the OU, SEC will subsequently move the corresponding entry to the Unassigned group. You'd then have to delete it (guess this now suffices, previously you had to use SQL to delete it from the database as console-deleted computers remain in the database) before adding it to the OU.

    Personally I see automatic deployment as a convenience if certain conditions are met. E.g. if another install is running when the computer is synchronized, protection will fail. You could, as we do, install Sophos together with the initial OS and software setup (this would also take care of reinstalls).

    Christian
