
Can I reset the SophosSAU local account password without breaking Sophos?

We have password audits, and with Sophos installed on the DCs it shows as an AD account that has a password set to never expire. Can I set it to expire and reset it?



  • Hello B_B,

    I have to apologize, I didn't think. As to posting in the Sophos Central forum - no offence intended, but posts don't always end up in the most applicable forum.

    As said, I did not think. The minor shortcoming: HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\ - I missed the missing reference to bitness; most Sophos components are 32-bit and the keys are under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ on 64-bit systems. The bigger mistake is the oversight w.r.t. the local GUI - guess the GUI for Central Endpoint doesn't display the update settings, as changing them doesn't make sense.
    Thinking it over I'm pretty sure that AutoUpdate doesn't need the impersonation account in a Central installation. The account is used when accessing an update location via UNC. It might be that the account is only impersonated when updating via UNC is attempted, and Central updates via HTTPS. If you disable the account - does it still update? Could this be a solution?

    Christian

  • Is there any chance we can have someone from Sophos pipe in on if it's actually needed? I am really not a fan of using a DC to test. We all know how hard it is to fix when Sophos has issues.

    Christian, I appreciate all the help, and as much as you're in the community I forget you don't work for Sophos, and I am sorry for being short and rude.

  • Hello B_B,

    I don't see where you have been rude :)

    "not a fan of using a DC to test"
    no other computer on Central? Doesn't matter whether the account is local or AD. If AutoUpdate requires that it can impersonate it before updating, then you'll get an error when it's disabled. Nothing bad will happen otherwise, and once re-enabled, updating works as before.

    Christian

  • I know and was going to. I am just tired of doing Sophos' job for them. If it's not needed then why is it added? If it's for the..... MY GOD Seriously .... I just logged in to make sure I said the correct name of the proxy and there is this below. So does this replace the SophosSAU account?

  • Hello B_B,

    "If it's not needed then why is it added?"
    because it was always there. Sophos tries not to branch components and their installers as far as possible. Thus AutoUpdate can work with on-premise UNC and HTTP, and HTTP from Sophos (as fallback for roaming endpoints) updating, and for Central HTTPS from Sophos or a cache. And, BTW, it can also update PureMessage's SPAM rules.

    Proxy is not related to SophosSAU, the option to define a proxy has "always" been there. As said, the impersonation account should only apply to UNC updating.

    Christian
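
A read-only PowerShell check for the two points raised in this thread: which registry view holds the AutoUpdate key, and how the account looks to a password audit. It is an added example, not posted by any participant and not Sophos code. It assumes the account name begins with "SophosSAU" (the thread gives only that prefix) and that the ActiveDirectory module is installed when run on a DC.

```powershell
# Added example: reports only, changes nothing.
# Assumption: the account name starts with this prefix.
$prefix = 'SophosSAU'

# AutoUpdate key named in the thread, in the native view and in the
# 32-bit (Wow6432Node) view used on 64-bit systems.
$keys = 'HKLM:\SOFTWARE\Sophos\AutoUpdate',
        'HKLM:\SOFTWARE\Wow6432Node\Sophos\AutoUpdate'
$keys | ForEach-Object {
    [pscustomobject]@{ Key = $_; Present = Test-Path -Path $_ }
} | Format-Table -AutoSize

# ProductType 2 = domain controller. A DC has no local SAM,
# so the account shows up as an AD account there.
$isDC = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType -eq 2

if ($isDC) {
    Import-Module ActiveDirectory
    Get-ADUser -Filter "SamAccountName -like '$prefix*'" `
               -Properties PasswordNeverExpires, PasswordLastSet |
        Select-Object SamAccountName, Enabled, PasswordNeverExpires, PasswordLastSet |
        Format-Table -AutoSize
}
else {
    # For local accounts an empty PasswordExpires means "never expires".
    Get-LocalUser -Name "$prefix*" |
        Select-Object Name, Enabled, PasswordExpires, PasswordLastSet |
        Format-Table -AutoSize
}
```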