Does Sophos on domain detect reimaged machines and trigger a reinstall?

Is there a task or something that I can run on the Sophos Enterprise Console to reinstall machines which a) do not have it installed or b) had it installed, were reimaged and now need it again?

I have looked through several documents, and it seems like the only solution involved running startup scripts (spew), which with everyone being a limited user, would fail anyways.

Some other antivirus providers have a like "install task" that you can set to run every hour or 8 hours or whatever and it will go and look on all the computers it knows about and install/update the ones which do not have the program installed. Does a similar functionality exist for Sophos?

  • Hello givemecontrol,

    there isn't a scheduled check-and-install-if-necessary task. AD synchronization can optionally attempt to install the software but it does so only for newly detected computers (i.e. those added to a synchronized OU) and makes only one attempt (if you reimage a computer with the same name it might appear the same and protection will not be reattempted).

    startup scripts (spew), which with everyone being a limited user, would fail anyways

    not login scripts, startup scripts: Startup scripts run with System privileges for local resources, but with the credentials of the computer object elsewhere in the network.

    Christian

  • Ok thanks. Yes, I don't really want to delay people's logon checking this at every computer startup, but I will look into how much time it actually takes.

    The AD synchronization you mention, is that done by script as well? Otherwise can you send me the KB article on how to configure it, if you have it handy.

    Thanks

  • Hello givemecontrol,

    I don't really want to delay people's logon

    do not forget - you do want the computer to be protected when it's about to be used. The install - provided that it is successful - is carried out only once, the check itself is inexpensive.

    For Synchronizing with Active Directory please see chapter 4.5 in the Console 5.2 Help 

    Christian

  • It would be nicer to have some other method, but I have put the startup script in place now and hopefully it is quick as you say. I have tested it on a few machines now and it is acceptable.

    In regard to synchronizing AD, yes, I re-read that article you linked. So far the options that I see for doing this are:

    1) use Sophos console to "protect computers"

    As you say previously "it does so only for newly detected computers (i.e. those added to a synchronized OU) and makes only one attempt (if you reimage a computer with the same name it might appear the same and protection will not be reattempted)."

    I am not sure what would be doing that "automatically".

    So if I add a computer to my OU in Active Directory, Sophos will push it, not by script, and not by clicking "protect computers" and going through the wizard? I just want to make sure I am understanding what you wrote. You do say it will detect and install on "newly detected computers" but I do not see where I would configure this.

  • Hello givemecontrol,

    when AD sync is configured with automatic protection, SEC, upon noticing a new computer in an OU, dispatches an electronic monkey who will click Protect Computers and make the necessary arrangements with the wizard :P
    How to set up AD sync is described in the Help. There's also an interactive article linked from the Enterprise Console documentation page which covers different scenarios with detailed instructions as well as references to related articles.

    Christian
  • Ah ok, I found it now. For anyone else looking, it's called "Synchronize with Active Directory", which you get to by right-clicking the group or OU in Sophos endpoint console and going to "Synchronize with Active Directory". In that wizard, there is an option to auto install protection, which I assume auto installs when a computer is joined to that OU.

    As you say above, this does not work for reimaged computers, but hopefully the startup script should cover that.

    Thanks, I think that solves everything.
