Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 5 subscribers
  • Views 27033 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Purging old SafeGuard clients / Purging unassigned users

PeGuenther

Hi SOPHOS-Support-Team, hi SG-Admins,

we have two issues in our SafeGuard environment and want to purge old, inactive clients if possible.

We are running SafeGuard 6.00.10 on our SG Enterprise Server as well as on most of our SG Clients.


Case 1:

We are receiving all known client objects from our Active Directory via sync-job regardless if SafeGuard is in use or not. Only MobileClients will get SafeGuard installed. There are international ActiveDirectory SubSites where decommisioning of clients isn't working that well. There are Clients still registered in AD even when this clients are decommissioned already.
Now, while this offline clients still remain in AD, they are even still registered in SafeGuard. Even if there is no communication for more than six month, now. This situation brings us to a license issue. We have an amount of over 400 clients which haven't been connected to SG Enterprise Manager for over 6 month now.

Is there a way to purge inactive clients like that command "purgedb" found for Sophos Control Center even for SafeGuard Enterprise?

Case 2:

Sometimes our employees are using a SafeGuarded Notebooks for just a period of a month when they are on a business trip for example. While they use SafeGuard for the first time, there was a new certificate generated automatically for them.


After this first SafeGuard usage periode ends the user will go on working on a desktop without SafeGuard. The Notebook will be decommisioned and recycled for another usage after their return but the User Certificate still remains in the SafeGuard-Database which will be a problem later ...

When this One-Time SafeGuard-Users will become a SafeGuard User again in future, the old certificate with the very old and unknown password will be synced to that fresh SafeGuard-Installation. The User will become asked for that unknown old password.

Is there a way to query and detect Users with certificates but not asigned to a workstation?
May it be possible to purge all this users without workstation assignment?

Do you have Programms, Tools, Scripts or SQL-Queries to help us purging the old stuff out of the SG-Database?

Thanks in advance,

Peter

:44371


This thread was automatically locked due to age.
Parents
  • 0

    I'd like to add somt details to the SQL queries supplied by Peter (PeGuenther):

    sg-db-query-user.txt can be used to identify users (or localusers) in the SafeGuard Enterprise Database that have a certificate assigned but do not (or no longer) have a User Machine Assignment associated to them.
    The query also picks up the creation and modify date from the users so you can easily see if those user accounts have been recently modified or not.

    sg-db-query-machines.txt will provide the date of the last client sync. This can be used to identify which clients haven't connected to the SafeGuard server for a certain time.

    Regards,

    Roman

    :44739
Reply
  • 0

    I'd like to add somt details to the SQL queries supplied by Peter (PeGuenther):

    sg-db-query-user.txt can be used to identify users (or localusers) in the SafeGuard Enterprise Database that have a certificate assigned but do not (or no longer) have a User Machine Assignment associated to them.
    The query also picks up the creation and modify date from the users so you can easily see if those user accounts have been recently modified or not.

    sg-db-query-machines.txt will provide the date of the last client sync. This can be used to identify which clients haven't connected to the SafeGuard server for a certain time.

    Regards,

    Roman

    :44739
Children
No Data
Unfiltered HTML