When using virtual machines that run on a virtualisation server, it is possible to run several instances of the same virtual machine from an original ‘gold image’. Because the identity is normally set at the time of the software installation, when multiple instances of the gold image are run at the same time, being exact replicas, they all attempt to use the same identity.
It follows from this that if the Sophos Central Endpoint software is installed onto the original gold image, all the virtual machines created from that gold image will have the same identity in the Central Admin console.
This article describes how to install Sophos Central Endpoint software on a gold image, so that every instance of a virtual machine run from that single gold image gets its own unique identity. This allows it to be managed correctly from the Sophos Central.
Applies to the following Sophos product(s) and version(s)
Sophos Cloud Managed EndpointSophos Cloud Managed Server 1.4.0
Note: Creating a 'gold image' for a server with Sophos Server Lockdown is currently unsupported.
In order to run Sophos Central Endpoint on gold images, you must force the MCS component to re-register with the Central servers so that a new ID is assigned. This must be done when the new instance of the gold image is started for the first time.
Note: Before proceeding you will be required to disable tamper protection on the machine you are using as the base image, for guidance on how to do this please see How to disable Tamper Protection
C:\Programdata\Sophos\Management Communications System\Endpoint\Persist\
%ALLUSERSPROFILE%\Application Data\Sophos\Management Communications System\Endpoint\Persist\
C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\data\
%temp%\Sophos MCS Install Log.txt
Property(S): TOKEN =
C:\Programdata\Sophos\Management Communications System\Endpoint\Config\
%ALLUSERSPROFILE%\Application Data\Sophos\Management Communications System\Endpoint\Config\
Important note: When the Sophos MCS Client service is started it will register with the Sophos Central servers and obtain a unique ID. We suggest you now shutdown the machine and take the gold image from this point. When the machine next starts the Sophos services will start with it and will therefore obtain a new ID.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.