This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Prevent ZTNA installation on newly added clients

Hi everyone,

I am currently testing ZTNA on a specific device with a specific user where I had to activate ZTNA manually.
But my colleague who is responsible for rolling out new clients via our software management reported that if he now rolls out a new device, which includes installing the Sophos Endpoint software via LocalInstallSource (not the SophosSetup.exe!), the Sophos Endpoint automatically gets ZTNA enabled and installed.

How can we prevent that from happening?

Kind regards,

Philipp



This thread was automatically locked due to age.
Parents
  • Thank you for reaching out to the community forum.

    Based on the description you've mentioned above. It looks like Agent-base Policy is currently enabled on your ZTNA.

    You may need to change this to Agentless settings in order for ZTNA not to get pushed when you install Sophos endpoint on your devices.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Glenn,

    But how am I able to further test agent based ZTNA on one specific device with one specific user then? Don't I need the agent based policy in order to test this stuff in the first place? I just want it to be enabled for one specific device, not automatically for all fresh installations. That is ridiculous.

Reply
  • Hi Glenn,

    But how am I able to further test agent based ZTNA on one specific device with one specific user then? Don't I need the agent based policy in order to test this stuff in the first place? I just want it to be enabled for one specific device, not automatically for all fresh installations. That is ridiculous.

Children
  • I'd suggest using the "--products=" command line option to specify which components you'd like to deploy. By leaving "ztna" absent from the list you populate, you can prevent it from being deployed. 

    Installer command-line options for WIndows

    Products to install

    Specifies a list of products to install. If you specify a product that you don't have a license for, then it isn't installed.

    --products=<comma-separated list of products>

    Trailing argument

    Comma-separated list of products to install.

    Available options are: antivirus, intercept, mdr, xdr, deviceEncryption, ztna, none, or all.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids