SCCM and the unmanaged folder

We have used AD Synchronisation for a few years now - and recently began deployment using SCCM as we found it to be more suited to our setup. Unfortunately, though, all computers that have Sophos deployed through SMS go straight into the unmanaged group and then will not move into a synchronised folder, even though they are in the correct group in AD. As we use the AD structure for managing our test machines etc. we don't want to stop synching the structure - anyone got a solution for this?

  • Hello,

    Take a look at setup.exe's parameters, -G can be used to specify the target group. Just installed SAV (manually, but this should not make a difference) using this switch on a previously unknown machine. Moved it into a sync'ed OU, waited for it to appear in SEC and then started the install. It stayed in the correct group as expected. Can't say if (and how) you can "construct" the required parameter for -G though.

    HTH

    Christian     

  • Can -G specify a sync'd folder? When our machines install through SCCM they are already in the sync'd OU in AD.

    Seems strange that just because Sophos wasn't installed through SEC that it won't sync the machine into the correct group :(

  • Can -G specify a sync'd folder

    Yup, that's what I did test before I posted. I could try to recreate what you observe one of the next days - no promise though. BTW: which software and console version?

    Christian

  • This is an older ticket but I am in a similar situation and need one piece of clarification. I also use SCCM to install Sophos on our workstations. If I use -g to tell Sophos which group the client belongs to and that group is synced automatically in AD, can I use this switch to add the machine BEFORE it is synced between AD and Sophos? Or should I create a manual package that has pre-configured policies for the machine until it receives new policies from Sophos after Sophos syncs with AD and adds the machine to the correct group?

  • Hello MSEE,

    which policies do you need "immediately"? Depending on your actions and their timing the machine might already have been sync'ed when you deploy Sophos. If it isn't, it should be moved to the correct group at the next sync. What interval do you use?

    Christian

  • We have Sophos set up to synch with AD every 15 minutes. But what is happening is our Domain has over 50 DCs that all need to sync up, so remote locations build new desktops and they end up getting placed in the unmanaged group because Sophos doesn't see them yet. So this causes them to turn on their firewall with default settings, making them unable to properly communicate on the network.

    So if I create a manual package that applies our firewall rules, would this set up the firewall the way we want until the machines are discovered by Sophos and it can then place them in the right group?

  • Hello MSEE,

    You can configure the CID where you install or build your package from. This way the rules will be in effect until overridden by the policy. See: http://www.sophos.com/support/knowledgebase/article/113039.html

    Christian