Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 5 subscribers
  • Views 27029 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Purging old SafeGuard clients / Purging unassigned users

PeGuenther

Hi SOPHOS-Support-Team, hi SG-Admins,

we have two issues in our SafeGuard environment and want to purge old, inactive clients if possible.

We are running SafeGuard 6.00.10 on our SG Enterprise Server as well as on most of our SG Clients.


Case 1:

We are receiving all known client objects from our Active Directory via sync-job regardless if SafeGuard is in use or not. Only MobileClients will get SafeGuard installed. There are international ActiveDirectory SubSites where decommisioning of clients isn't working that well. There are Clients still registered in AD even when this clients are decommissioned already.
Now, while this offline clients still remain in AD, they are even still registered in SafeGuard. Even if there is no communication for more than six month, now. This situation brings us to a license issue. We have an amount of over 400 clients which haven't been connected to SG Enterprise Manager for over 6 month now.

Is there a way to purge inactive clients like that command "purgedb" found for Sophos Control Center even for SafeGuard Enterprise?

Case 2:

Sometimes our employees are using a SafeGuarded Notebooks for just a period of a month when they are on a business trip for example. While they use SafeGuard for the first time, there was a new certificate generated automatically for them.


After this first SafeGuard usage periode ends the user will go on working on a desktop without SafeGuard. The Notebook will be decommisioned and recycled for another usage after their return but the User Certificate still remains in the SafeGuard-Database which will be a problem later ...

When this One-Time SafeGuard-Users will become a SafeGuard User again in future, the old certificate with the very old and unknown password will be synced to that fresh SafeGuard-Installation. The User will become asked for that unknown old password.

Is there a way to query and detect Users with certificates but not asigned to a workstation?
May it be possible to purge all this users without workstation assignment?

Do you have Programms, Tools, Scripts or SQL-Queries to help us purging the old stuff out of the SG-Database?

Thanks in advance,

Peter

:44371


This thread was automatically locked due to age.
Parents
  • 0

    Hello Holger,

    thank you very much for your feedback and your solution - This looks great!

    It's just what I'm looking for - and it looks like I'm not the only one.

    Otherwise you won't be able to hand it over so quick - right?

    I'm not very familiar with that scripting language and that scripting API.

    I need to review and test it in another environment.

    Meanwhile I have raised a support call and got an answer as well.

    The guys told me what they need to tell me - it is dangerous to tweek the database, so I received

    database queries to produce a list of objects wich can be deleted by using the SG-Enterprise Console again.

    Better than nothing and helpful at the moment, but still a lot of work.

    I try to raise a feature request for that and you are welcome to add your statement here that you wish as well.

    It must be possible for a professional SG Developer to deliver a supported "purge"-tool like your script, right?

    I hope it's allowed to add the SQL-Queries here that were delivered by support-team -  Thanks guys!!!

    Best Regards from Munich,

    Peter

    :44721
Reply
  • 0

    Hello Holger,

    thank you very much for your feedback and your solution - This looks great!

    It's just what I'm looking for - and it looks like I'm not the only one.

    Otherwise you won't be able to hand it over so quick - right?

    I'm not very familiar with that scripting language and that scripting API.

    I need to review and test it in another environment.

    Meanwhile I have raised a support call and got an answer as well.

    The guys told me what they need to tell me - it is dangerous to tweek the database, so I received

    database queries to produce a list of objects wich can be deleted by using the SG-Enterprise Console again.

    Better than nothing and helpful at the moment, but still a lot of work.

    I try to raise a feature request for that and you are welcome to add your statement here that you wish as well.

    It must be possible for a professional SG Developer to deliver a supported "purge"-tool like your script, right?

    I hope it's allowed to add the SQL-Queries here that were delivered by support-team -  Thanks guys!!!

    Best Regards from Munich,

    Peter

    :44721
Children
No Data
Unfiltered HTML