You would like to move computers to a group in Enterprise Console after the endpoint software has been installed. Rather than moving endpoints manually in Enterprise Console or re-protecting the client with the -G command line option of setup.exe, this action can be automated from the client endpoint through the use of a registry key. This may be useful to incorporate in a lightweight script, an example of which is in the 'Technical Information' section below.
Note: This same registry key is used by setup.exe when the -G switch is used.
Action/What to do:
HKLM\Software\Sophos\Remote Management System\ManagementAgent
HKLM\Software\wow6432node\Sophos\Remote Management System\ManagementAgent
Restart the 'Sophos Agent' service. This can be done by running 'services.msc'.
Once the service has restarted, check that the computer has been moved to the expected group in Enterprise Console.
The above steps could be performed via a simple batch file, for example, on a 32-bit computer, run:
@echo off
reg add "HKLM\Software\Sophos\Remote Management System\ManagementAgent" /v GroupPath /t REG_SZ /d \server\group
net stop "sophos agent"
net start "sophos agent"
Note: Once the 'Sophos Agent' service has been restarted, the above key is deleted. This prevents the message to move the computer from being sent to the management server again each time the 'Sophos Agent' service is started.
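The same procedure for both 32-bit and 64-bit computers, with a check that the agent consumed the value, as an added example that is not part of the original article or Sophos's own code. It assumes an elevated PowerShell prompt; the default group path is the placeholder from the batch file above, and the 60-second wait is an arbitrary choice.

```powershell
# Added example: set GroupPath under whichever ManagementAgent key exists,
# restart the agent, then confirm the value was removed after the restart.
param(
    # Placeholder taken from the batch file above; replace with the real group path.
    [string]$GroupPath = '\server\group'
)

$ErrorActionPreference = 'Stop'

# Registry locations from the article. The wow6432node path is tried first so
# that a 64-bit computer does not fall through to the 32-bit location.
$candidates = @(
    'HKLM:\Software\wow6432node\Sophos\Remote Management System\ManagementAgent',
    'HKLM:\Software\Sophos\Remote Management System\ManagementAgent'
)
$key = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $key) {
    throw 'ManagementAgent key not found; is the endpoint software installed?'
}

# Same effect as: reg add ... /v GroupPath /t REG_SZ /d <path>
New-ItemProperty -LiteralPath $key -Name 'GroupPath' -PropertyType String `
    -Value $GroupPath -Force | Out-Null

# 'Sophos Agent' is the service name shown in services.msc (the display name).
Restart-Service -DisplayName 'Sophos Agent'

# The article states the value is deleted once the service has restarted.
# Poll for that; the 60-second limit is an assumption, not a documented figure.
$deadline = (Get-Date).AddSeconds(60)
do {
    Start-Sleep -Seconds 2
    $pending = Get-ItemProperty -LiteralPath $key -Name 'GroupPath' `
        -ErrorAction SilentlyContinue
} while ($pending -and ((Get-Date) -lt $deadline))

if ($pending) {
    Write-Warning "GroupPath is still present under $key; check the agent and the console."
    exit 1
}
Write-Output "GroupPath was consumed; confirm the computer's group in Enterprise Console."
```

A non-zero exit code lets a deployment tool flag endpoints where the value was not consumed within the wait period.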