Dynamic AD group for computers to be able to access limited internet???

OK, here is my dilemma. 

I have my AD set up the way I want. When I do Lite Touch and Zero Touch deployments with my MDT servers, the tasks place the computers in specific OUs based on the role the deployed computer is going to perform. I have GPOs that apply very specific settings to these computers. What I want to do is have my Sophos UTM 9.5.xxx read the AD group memberships so that specific computers belonging to specific AD groups are automatically added to groups on the UTM which allow the different groups access to different websites, whilst locking others down to only access certain websites, etc.

The AD side of everything via GPOs is working perfectly. The computers get deployed, and all of their settings AD-wise get sorted out and added to the computer groups in AD I want, but when it comes to the Sophos side of things, it doesn't work. I can't for the life of me get Sophos to pick up on these specific AD groups (they are computer groups, not user groups) and automatically add them to the specific Sophos groups, and thus allow them to get out to the net where I need them to be able to go.

As it stands right now, I have to manually add the computers to groups in Sophos via (Network Definitions --> Network Group membership), and then they work as they should based on the Sophos rules I have placed on those groups. But with a fairly massive refresh / re-certification project about to kick off soon, I'd like to have this all working seamlessly with zero input needed by the Sophos Admin. Does anyone have any ideas or suggestions on how to go about this?



This thread was automatically locked due to age.
  • Garry, can you give us examples of what accesses you want to allow and block - the problem you're trying to solve instead of the solution you hoped would work?  I suspect that using a DNS Group in the UTM might work.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA