PLEASE READ Advisory: Kernel memory issue affecting multiple OS (aka F**CKWIT, KAISER, KPTI, Meltdown & Spectre) for the latest updates.
When using virtual machines that run on a virtualization server, it is possible to run several instances of the same virtual machine from an original gold image. Identity is normally set at the time of software installation. Therefore, if multiple instances of the gold image run at the same time, they will all attempt to use the same identity. Following this, if the Sophos Central Endpoint software is installed into the original gold image, all the virtual machines created from that gold image will have the same identity in the Central Admin console.
This article describes how to install Sophos Central Endpoint software on a gold image, so that every instance of a virtual machine run from that single gold image gets its own unique identity. This allows it to be managed correctly from the Sophos Central.
Note: Creating a gold image for a server with Sophos Central Server Lockdown or Sophos Central Update Cache is currently unsupported.
The following sections are covered:
Applies to the following Sophos products and versions Sophos Cloud Managed EndpointSophos Cloud Managed Server 1.4.0
In order to run Sophos Central Endpoint on gold images, you must force the MCS component to re-register with the Central servers so that a new ID is assigned. This must be done when the new instance of the gold image is started for the first time.
C:\Programdata\Sophos\Management Communications System\Endpoint\Persist\
%ALLUSERSPROFILE%\Application Data\Sophos\Management Communications System\Endpoint\Persist\
C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\data\
C:\Programdata\Sophos\Management Communications System\Endpoint\Config\
%ALLUSERSPROFILE%\Application Data\Sophos\Management Communications System\Endpoint\Config\
When the Sophos MCS Client service is started it will register with the Sophos Central Servers and obtain a unique ID. We suggest you now shutdown the machine and take the gold image from this point. When the machine next starts the Sophos services will start with it and will therefore obtain a new ID.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.