The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
This article explains how to create an Active Directory group policy to prevent administrators from stopping the Sophos Anti-Virus service.
By default all users who are a member of the administrators group can stop services on a client computer. This means that they can stop the Sophos Anti-Virus service and remove Sophos endpoint security software with these rights.
Applies to the following Sophos products and versions Sophos Endpoint Security and Control
The instructions below are for a Windows 2008 server. On the Windows 2008 Domain Controller:
You can now apply the group policy to required containers in the normal way and allow the policy to be applied to the client computers.
You can test the functionality by enabling the GPO and logging onto a client computer as an administrator or as an account with group permissions that you have restricted. Attempting to stop the service will display the following message:
Could not stop the service on Local Computer. Error 5: Access is denied.
OR the option to stop the service is grayed out and unavailable.
Either of these shows that the GPO was configured and applied to the client successfully.
If you do not see the error message and you are still able to stop a restricted service, check that the GPO was configured correctly and that there are no conflicting GPOs.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Jeder hier hinterlassene Kommentar wird von einem Mitarbeiter gelesen, wir antworten jedoch nicht auf spezifische technische Fragen. Wenn Sie technischen Support benötigen, posten Sie bitte eine Frage in unserer Community. Alternativ können Sie für lizenzierte Produkte auch ein Support-Ticket öffnen.