
How to keep PCs in server's SafeGuard Management Center after they are removed in AD

The syncing between our AD and SMC is working flawlessly, but we've recently added a new policy that removes machines from our AD after a few months of no logins.

So when a user finally dusts off their secondary laptop, but can't remember their password, we're screwed. When we delete it out of AD it seems to be completely removed without a trace from SMC, making any sort of C/R or virtual client recovery impossible.

I know these machines are gone forever now, but how can we stop this in the future? What SMC setting could I adjust so that our units will always remain in SMC to be recoverable after we've removed them from AD? We're currently running a mixture of SGE 8.1 and 8.0.



This thread was automatically locked due to age.
  • Ouch!

    I would suggest moving those PCs into a "dis-used/disabled" OU and then not syncing this with Sophos. You could also change permissions on the OU to disallow the Sophos syncing AD account to read/modify that OU for extra security? The import/sync should skip that OU if it's denied permissions and carry on with the rest of the sync.

    You could also perhaps just disable the computer object rather than moving it at all, but I feel moving into a separate OU would be neater and easier to manage. 

  • Yeah, I already do the "Disabled" OU thing, but they are always removed from SMC still after I eventually delete them out of there after a few months (I don't want to leave them in there forever).

  • Hi Michael,

    Removing a machine from AD and synchronizing with SMC should not result in removal of the PC and its traces in the console too. Rather, the recovery key (if you are worried about SafeGuard volume based encryption) should still be available under Keys --> inactive keys. You can search for those keys with the following keyword: "Boot_machinename" and this should most certainly bring it up.

    Also try searching for the machine name under Root to confirm if the machine is actually missing from the SMC completely! Weird one though, in case you have a support ticket, please do help me with the same via DM.

    Regards,

    Adithyan Thangaraj
    Community Support Engineer | Sophos Technical Support
