Enterprise Console Feature Request

As many know, Sophos can sync with Active Directory.   This is great, but once a group is synced, all the computers in that group are stuck with that group.

I'm continually stuck with the problem of NOT being able to:

-schedule individual scans on synced computers

-apply custom policies of Application Control/Updates/Exclusions to specific computers in synced groups

Sophos' only solution so far is to move the target computers from their current AD OU to a custom OU.  This is good, but not ideal in a business environment where their AD OU and AD account are tied to other factors beyond an Anti-Virus perspective.

I would like the ability to drag/move a computer from a synced group to a custom group.  Or if not, be able to FLAG a computer so that I can then implement a custom policy that OVERRIDES the synced group's policy.

Example: I have a VIP computer in an OU AD group called, let's say, "SALES_DEPT".  They are synced to Sophos for policies and updates, which is great.  Problem: we are blocking GoogleChat/GoogleTalk in Application Control Policy on the "SALES_DEPT" OU for obvious reasons, but the VIP in this OU is required to use this application for video conference meetings with other department members.  What do you do?  You cannot move this user's computer from one OU to another as it may be tied to other AD-related settings, like GPO for that OU, and you can't enable GoogleTalk for the OU as it will enable ALL users to use GoogleTalk potentially for non-business use.


This thread was automatically locked due to age.
  • I use the AD sync feature as well.  To deal with issues such as this I create a standalone group in the Enterprise Console, break AD synchronization on the synchronized group, move the PC in question to the standalone group, and create a separate policy.  I don't think there is a need to create a separate OU in AD.

    Yes - it would be a nice feature to be able to modify policies on an individual machine.


  • ksmith0724 wrote:

    I use the AD sync feature as well.  To deal with issues such as this I create a standalone group in the Enterprise Console, break AD synchronization on the synchronized group, move the PC in question to the standalone group, and create a separate policy.  I don't think there is a need to create a separate OU in AD.

    Yes - it would be a nice feature to be able to modify policies on an individual machine.


    ksmith0724,

    Yes, I tried that method of de-syncing and moving target machines to a specifically created group for scans, policy application, etc., but when you re-sync that original group, the machines you moved will go back to that original group and out of the newly created group.

  • We would also love to see this feature. Has there been any progress on implementing it?
