I found another post about this issue - /search?q= 27987 - but it does not help.
Here is the situation: our end users are able to open the sophos client on their machines, go to 'configure firewall', and select 'allow all traffic'. We have tamper protection turned on and those options are disabled for the user (the previously mentioned posts states that tamper protection does not cover the firewall section). We need to disable the ability for the end user to make changes at all.
The previous post states that the issue is due to the users being in sophos groups but that does not appear to be the case here. Here is a scenario I have on a test machine:
- I have a local user named IT-Helpdesk that is full admin on the box
- I have a domain user named SupportTest that is a regular user on the domain and that does not have a local account
- On the workstation I have the 4 sophos groups with the following memberships:
-- sophosadministrator: adaministrator, domain admins, IT-Helpdesk
-- sophosonaccess: no members
-- sophospoweruser: no members
-- sophosuser: domain users, authenticated users
- If I log into the SupportTest user, which is just part of the domain users group and does not have a local user, I am able to configure the firewall on the client.
So, any ideas?
This thread was automatically locked due to age.
