Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 5330 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Duplicated Computer Name

Tseng

Hi,

I've contacted Sophos support regarding this issue earlier, however, no perfect/acceptable solution was given. Just want to check if anyone here has a similar issue or a solution for this.

The case goes like this:

We've known that if a PC is cloned after they have sophos endpoint installed, will bear the same IdentityTag in ComputersAndDeletedComputers, and thus, will display as only 1 computer in console (even if computer name is changed).

So here, the computers are not cloned, but only with the same computer name. They are displayed as only 1 computer, even when both is online. When there's an event (eg. virus detected), the line of record in ComputersAndDeletedComputers will be updated to that computers. An example, both computer name are PC1, with IP 192.168.10.101 and 192.168.10.102, if .101 gets an event, the line of record changes to .101, and when .102 gets an event, the same line of record updates itself with information of .102.

I tried the ComputerNameOverride method stated in KB 110550, as well as regeneration of IdentityTag in KB 116635.

Both doesn't work, and it seems like console is taking computer name (hostname) as priority. And the only solution that work now is to rename the computers manually, and followed by a restart, everything is fine.

Sounds simple to rename, however, two of our clients are facing this issue, each with slightly more than 100 pcs facing this issue. And these 100 pcs are scattered across the nation, each location with only 1-2 pc. So, it's pretty impossible for us to put the effort in going down to each of the location to rename their computers.

What I'm looking for is actually to do it on the console end without renaming at the user end. Any possible solution?

Best Regards,

Tseng

:35891


This thread was automatically locked due to age.
Parents
  • 0

    Hello Tseng,

    first of all, which SEC and SESC versions are involved?

    When you say clients, are these independent installations (each with their own console)? If so, where did they get the idea from to use identical computer and domain/workgroup names :smileyhappy:? And even if it would work with SEC as desired it'd be rather a pain to manage (even assuming the IP addresses are unique).

    Anyway, how many computers are "missing" (in other words, their name is an n-plicate)? AFAIK same computername and same domain/workgroup (and same OS) as an existing entry results in a match (i.e. it is considered to be the same computer) resulting in only one entry. I expect though that the machines showing as one have the same machine_ID.txt.

    it seems like console is taking computer name (hostname) as priority

    Tests suggest that using the actions in both articles together result in creation of a new entry - but using ComputerDescriptionOverride seems not to be sufficient, I had to use ComputerNameOverride (didn't check with ...Domain..). Whatever you do along this line will be a crutch at best though and in the long run using unique names is the better way. BTW - how are these PCs supported and managed (apart from SEC)?

    do it on the console end

    While I think it could be done from the console end I wouldn't recommend it. There's much room for error and many things you could mess up.

    going down to each of the location

    Don't say that almost all locations are affected - as this would mean there are only a handful of computers in SEC and on each site there's a PC1. Is Sophos already installed on all of them? How was the install done? And how come the problem hasn't been identified at an early stage of the roll-out?

    Christian

    :35901
Reply
  • 0

    Hello Tseng,

    first of all, which SEC and SESC versions are involved?

    When you say clients, are these independent installations (each with their own console)? If so, where did they get the idea from to use identical computer and domain/workgroup names :smileyhappy:? And even if it would work with SEC as desired it'd be rather a pain to manage (even assuming the IP addresses are unique).

    Anyway, how many computers are "missing" (in other words, their name is an n-plicate)? AFAIK same computername and same domain/workgroup (and same OS) as an existing entry results in a match (i.e. it is considered to be the same computer) resulting in only one entry. I expect though that the machines showing as one have the same machine_ID.txt.

    it seems like console is taking computer name (hostname) as priority

    Tests suggest that using the actions in both articles together result in creation of a new entry - but using ComputerDescriptionOverride seems not to be sufficient, I had to use ComputerNameOverride (didn't check with ...Domain..). Whatever you do along this line will be a crutch at best though and in the long run using unique names is the better way. BTW - how are these PCs supported and managed (apart from SEC)?

    do it on the console end

    While I think it could be done from the console end I wouldn't recommend it. There's much room for error and many things you could mess up.

    going down to each of the location

    Don't say that almost all locations are affected - as this would mean there are only a handful of computers in SEC and on each site there's a PC1. Is Sophos already installed on all of them? How was the install done? And how come the problem hasn't been identified at an early stage of the roll-out?

    Christian

    :35901
Children
No Data