
Add AD user to every POA enabled machine?

I'd like to add an AD Admin account to be able to log in through POA on every machine in my environment. Is there a way I can do this in one go? Or do I have to go to every machine and add the account as a user?



  • FormerMember
    If you are using a SafeGuard Enterprise solution, then yes, you can.
    You assign the user account to a machine and make sure that it has a user certificate generated - test this by making sure that you can log into that machine through the POA with that account and password.

    Once a user has a certificate, you can assign that user to any machine in your environment by clicking on the machine then on the users tab in the middle section. You can assign the user here. The machine will download the assignment and that user's certificate the next time it contacts the SGN server.

    See User Machine Assignment in the manual: www.sophos.com/.../sgn_7_h_eng_admin_help.pdf

    However, this isn't a very good idea. This would mean that this one user would have complete access to all encrypted data on those machines. Also, you would need to manage that user account's password carefully.

    Instead, use our built-in account type called POAUser - these are specially built accounts that you define and assign out to POAs in your environment. They don't change unless you alter them (i.e., passwords don't expire) and are more secure. Please see this KBA: www.sophos.com/.../114273.aspx

    Also, this is detailed in the administration guide on page 113: www.sophos.com/.../sgn_7_h_eng_admin_help.pdf

    This is the version 7 guide.
  • There are times you NEED to be a domain admin on the end user's computer. The POA Users don't have domain rights, let alone domain admin rights. How do you get around that?
  • FormerMember in reply to CarlesBrantley
    At POA, disable pass-through to Windows.
    At Windows, switch user to "SafeGuard Other".
    Log in as a Domain Admin.