Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 10455 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can you use groups within the Sophos Groups?

funkytechmonkey

For example. I want to create a Sophos Administrator group. That group will be added to the Administrators group in Roles and Sub-Estates as well as the local group Sophos Console Administrators.  Right now we are just added individual peoples names into these two groups.

Also, If I am just giving a group access to run reports do they have to be in the Sophos Console Administrators group?

The discriptions for the Sophos Console Administrators group says Administrators of the Enterprise Console and all documentation I read says all uses of the console need to be in the Sophos Console Admin group. Shouldnt this group be called "Console Access" instead of Administrator in it. Having ADMIN in it makes it sould like you are giving them full access.

Then you have the Sophos FULL Administrator. Whats the difference?

:55330


This thread was automatically locked due to age.
  • 0

    Hi,

    You can't nest groups as far as I can tell, you have to add members directly.

    In order to be able to launch the console you need to be in the Sophos Console Administrators group as the DCOM security is configured for this group.  I.e. you need to be a member of the grouo in order to interact with the Sophos Management Service.

    Full Administrators group was added when role based administration was added and is part of the default permissions.  I.e. the ability to access the default subestate which includes all groups, etc.

    Regards,

    Jak

    :55331
  • 0

    I found this in some documentation.... It says I can assign Windows Users and Groups to the roles. So they support using groups within the app but the windows groups will not work when you add them to the local group?  Honestly that makes it a mess for adding new users. We have a new HelpDesk department that is about to start with our company and it would be so much easier if I just created a group in AD and assigned a group to all of those users, instead I will have to add each individual person to the "Sophos Admin Console", the DCOM and then add each individual person to the rule or sub group (if adding a group to the rules doesnt work)

    Thats not going to be fun.

    :55333
  • 0

    Is there anyway to clean this up to make it look better and to make it easier to add users.

    Also.... I thought if you add user to the Sophos Console Admin group that you did NOT need to add them to the DCOM.

    But you are saying that I need to add them in both places?

    :55335