This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Feature Request : Role required to disable tamper protection? [Customize Role definition for each Section ]

I assumed that the "Help Desk" role would include the ability to disable tamper protection or view the tamper protection password for a device.

This seems a natural and obvious thing to need a Help Desk team to be able to do so they can diagnose issues and do uninstalls without requiring them to be full administrators of Sophos Central or need to involve those who are.

This doesn't seem to be the case though.

Surely not?



This thread was automatically locked due to age.
Parents
  • Hi Paul , 

    It would seem you may need to use admin role for such concern as the user can uninstall the Agent from the PC , that would have the same rights to change the policy . Although Central would improve as per customer demand . I would personally would like a Customized role with Read/Write for Certain sections . 

    I shall rename this Thread as a Feature request 

    Thanks and Regards

    Aditya Patel 

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

Reply
  • Hi Paul , 

    It would seem you may need to use admin role for such concern as the user can uninstall the Agent from the PC , that would have the same rights to change the policy . Although Central would improve as per customer demand . I would personally would like a Customized role with Read/Write for Certain sections . 

    I shall rename this Thread as a Feature request 

    Thanks and Regards

    Aditya Patel 

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

Children
  • Aditya Patel said:

    It would seem you may need to use admin role for such concern as the user can uninstall the Agent from the PC , that would have the same rights to change the policy . Although Central would improve as per customer demand . I would personally would like a Customized role with Read/Write for Certain sections . 

    Hi Aditya, I'm confused if I have to disable tamper protection before uninstalling Sophos Central from a client if I have admin rights?

    It would be nice to be able to fully customise roles, but in any company of enough size to have separation of duties it's totally normal for Help Desk to need to be able to do this kind of thing.

    Tbh I'm really surprised that Help Desk don't have the option to disable tamper protection or at least view each individual PCs Sophos password.

    Thanks :)

  • Hi Paul, 

    If you want to remove the endpoint from the system , then you may boot into safe mode and Uninstall the components from Control Panel . This would be a Workaround without Disabling Tamper protection . 

    You may follow the link for the procedure , and Share it with Help-Desk .

    community.sophos.com/.../123743

    Thanks and Regards

    Aditya Patel 

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.