As many know, Sophos can sync with Active Directory. This is great, but once a group is synced, all the computers in that group are stuck with that group.
I'm continually stuck with the problem of NOT being able to:
-schedule individual scans on synced computers
-apply custom policies of Application Control/Updats/Exclusions to specific computers in synced groups
Sophos' only solution so fat is to move the target computers from their current AD OU to a custom OU. This is good, but not ideal in a business environment where their AD OU and AD accout is tied to other factors beyond an Anti-Virus perspective.
I would like the ability to drag/move a computer from a synced group to a custom group. Or if not, Be able to FLAG a computer so that I can then implement a custom policy that OVERRIDES the synced group's policy.
Example: I have VIP computer in an OU AD group called, let's say, "SALES_DEPT". They are synced to Sophos for policies and updates, which is great. Problem, we are blocking GoogleChat/GoogleTalk in Application Control Policy on the "SALES_DEPT" OU for obvious reasons, but the VIP in this OU is required to use this application for video conference meetings with other deptment members. What do you do? You cannot move this user's computer from on OU to another is it may be tied to other AD- related settings, like GPO for that OU, and you can't enabled GoogleTalk to the OU as it will enable ALL users to use GoogleTalk potentially for non-business use.
This thread was automatically locked due to age.
