This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Purging old SafeGuard clients / Purging unassigned users

Hi SOPHOS-Support-Team, hi SG-Admins,

we have two issues in our SafeGuard environment and want to purge old, inactive clients if possible.

We are running SafeGuard 6.00.10 on our SG Enterprise Server as well as on most of our SG Clients.


Case 1:

We are receiving all known client objects from our Active Directory via sync-job regardless if SafeGuard is in use or not. Only MobileClients will get SafeGuard installed. There are international ActiveDirectory SubSites where decommisioning of clients isn't working that well. There are Clients still registered in AD even when this clients are decommissioned already.
Now, while this offline clients still remain in AD, they are even still registered in SafeGuard. Even if there is no communication for more than six month, now. This situation brings us to a license issue. We have an amount of over 400 clients which haven't been connected to SG Enterprise Manager for over 6 month now.

Is there a way to purge inactive clients like that command "purgedb" found for Sophos Control Center even for SafeGuard Enterprise?

Case 2:

Sometimes our employees are using a SafeGuarded Notebooks for just a period of a month when they are on a business trip for example. While they use SafeGuard for the first time, there was a new certificate generated automatically for them.


After this first SafeGuard usage periode ends the user will go on working on a desktop without SafeGuard. The Notebook will be decommisioned and recycled for another usage after their return but the User Certificate still remains in the SafeGuard-Database which will be a problem later ...

When this One-Time SafeGuard-Users will become a SafeGuard User again in future, the old certificate with the very old and unknown password will be synced to that fresh SafeGuard-Installation. The User will become asked for that unknown old password.

Is there a way to query and detect Users with certificates but not asigned to a workstation?
May it be possible to purge all this users without workstation assignment?

Do you have Programms, Tools, Scripts or SQL-Queries to help us purging the old stuff out of the SG-Database?

Thanks in advance,

Peter

:44371


This thread was automatically locked due to age.
Parents
  • Hi Chris,

    I understand your concerns. On the other hand it is a bad idea not to use a SafeGuard Client as a Security Officer.

    Password would get out of sync with Windows password.

    Solution to your question :

    Script could additionally check if user is a Security Officer and skip deletion of certificate in this case.

    Regards,

    Holger

    :44879
Reply
  • Hi Chris,

    I understand your concerns. On the other hand it is a bad idea not to use a SafeGuard Client as a Security Officer.

    Password would get out of sync with Windows password.

    Solution to your question :

    Script could additionally check if user is a Security Officer and skip deletion of certificate in this case.

    Regards,

    Holger

    :44879
Children
No Data