This discussion has been locked.

SophosUpdateMgr account in AD gone

Hi,

Our clients have a failed error on updating status, and we noticed that the SophosUpdateMgr account is no longer in our AD. Nobody removed that user account in AD.

Any idea what might have caused it? We uninstalled Sophos Update Manager on one of our DC servers and could not reinstall it again due to user authentication. Do you think this might have caused the error?

Thanks to those who could give some input.


This thread was automatically locked due to age.
  • Hi,

    It's mainly used when you have a remote database, i.e. a distributed install. If the management service and database are on the same machine, as the management service runs as "local system" and doesn't impersonate a database account, it's not really required, as the management service, running as system, has full access to the database anyway.

    I would suggest re-creating the group "Sophos DB Admins" (Domain local if you're on a DC). That way, when you do an upgrade in the future, you should be OK, as from SEC 5 the management service will always impersonate an account to gain access to the database, so the account (you will be forced to choose) would then need to be a member of the "Sophos DB Admins" group, unless of course the account it impersonates is a sys admin on the DB anyway.

    Jak
