This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Moving from non-OU client structure to Importing from active directory in Sophos SafeGuard with existing auto-registered (non-active directory method of being added) clients

Hello,

I was curious if Sophos SafeGuard was capable of migrating from manual auto-registered clients to importing clients from active directory. Can you do both at the same time? Would you get duplicate entries? Any information around the migration process or quirks importing from active directory would be helpful. Thank you 



This thread was automatically locked due to age.
Parents
  • Hi  

    You can import an existing organizational structure into the SafeGuard Enterprise Database through an Active Directory. Please check this article for more information. If a computer or user is auto-registered while an Active Directory (AD) sync is performed, two objects may be generated in the SafeGuard directory. This can be solved by deleting the object that was added by the AD sync and leaving the one in the ".Auto registered" folder. The next AD sync will correctly move the object from the ".Auto registered" folder into the desired organizational unit. Let me know if you have any further queries. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • Additional Question: Is it possible to synchronize with only one OU within an active directory?

  • Yes it is. You could also modify perms to only allow the account you're using to read from that particular OU.

  • What would be the benefit/purpose of enabling this feature during AD import:

     - Decide whether Active Directory group memberships should be synchronized with the SafeGuard Management Center

    Thank you!

  • It really depends on how you want to control policies/management. 

    If your whole estate is to be encrypted - it might make more sense to have everything sync'd, but I think especially true if you intend to use File Encryption as well as disk.

    With FE you'll want groups of users/computers to be able to decrypt/encrypt files. This in turn will need carefully management when Bob moves into Finance from HR and she has to have her perms changed. Without group "awareness" in SafeGuard - You'll need to manually sort this so she does/does not have perms/access to something she needs.

    With just DE I feel this (in my opinion) is less of an issue. The disks are encrypted. Users may or may not share computers - this wouldn't impact groups (to the same degree)

     

    So - In my VERY simple mind...Group sync is more relevant to FE and not DE.....

     

Reply
  • It really depends on how you want to control policies/management. 

    If your whole estate is to be encrypted - it might make more sense to have everything sync'd, but I think especially true if you intend to use File Encryption as well as disk.

    With FE you'll want groups of users/computers to be able to decrypt/encrypt files. This in turn will need carefully management when Bob moves into Finance from HR and she has to have her perms changed. Without group "awareness" in SafeGuard - You'll need to manually sort this so she does/does not have perms/access to something she needs.

    With just DE I feel this (in my opinion) is less of an issue. The disks are encrypted. Users may or may not share computers - this wouldn't impact groups (to the same degree)

     

    So - In my VERY simple mind...Group sync is more relevant to FE and not DE.....

     

Children
No Data