"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Automatic deployment (installation) of endpoint software using Active Directory synchronization does not take place for some computers that are not running a server operating system. Note:
First seen in Enterprise Console 4.0.0
When performing an automatic deployment of Sophos Endpoint Security and Control as part of an Active Directory synchronization, Sophos Enterprise Console performs a look-up against a Domain Controller (DC) to check the 'logonCount' attribute of each computer object it is attempting to deploy to. If this value is set to '1' or more, the deployment will take place. However, if the 'logonCount' attribute of a computer has a value of '0', the installation will not be attempted.
In most environments the 'logonCount' is likely always to be 1 or higher. However, in a multiple-DC environment this attribute is not replicated between DCs. Thus, if a computer never authenticates against the DC queried by Enterprise Console, the deployment will fail for that computer.
This issue is being tracked as DEF85760 and the behavior will be changed in a future release of Sophos Enterprise Console.
In the interim, deploying to endpoints manually from Sophos Enterprise Console or as part of a scripted approach will still work. For more information on other deployment methods see article 114191.
To help you establish which computers are affected, a script has been generated which, when run from the Sophos Enterprise Console computer, will list all computers that have a 'logonCount' of '0'. The following steps describe the procedure:
Note: We cannot provide a script to modify the 'logonCount' for a computer object as this value cannot be manually set/imported into Active Directory.
The logonCount cannot be manually edited. To view the 'logonCount' attribute for a computer object you can use either:
It is important to remember that this attribute is not replicated between DCs; it is a count of the number of logons for the computer object against the DC you are connecting to. For more information on this attribute see Microsoft article: http://msdn.microsoft.com/en-us/library/windows/desktop/ms676845(v=vs.85).aspx.
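The following PowerShell is an added example, not the Sophos-supplied script mentioned above. It lists computers whose 'logonCount' is 0 on one DC and shows the count held by the other DCs, which makes the non-replication visible. Assumptions: the RSAT ActiveDirectory module is installed, `dc01.example.local` is a placeholder for the DC that Enterprise Console queries, and an unset 'logonCount' is treated the same as 0.

```powershell
# Added example, not the Sophos-supplied script. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Assumption: placeholder name for the DC that Enterprise Console queries.
$ConsoleDC = 'dc01.example.local'

# logonCount is not replicated, so each DC holds its own value per computer.
# Assumption: an unset logonCount on a DC is treated the same as 0.
$filter = '(|(logonCount=0)(!(logonCount=*)))'

# Computers the console's DC has never seen log on: candidates for a skipped deployment.
$affected = Get-ADComputer -LDAPFilter $filter -Server $ConsoleDC `
    -Properties logonCount, operatingSystem

# Every other DC in the domain, used for comparison.
$otherDCs = Get-ADDomainController -Filter * |
    Where-Object { $_.HostName -ne $ConsoleDC }

$report = foreach ($computer in $affected) {
    # Read the same computer object from each other DC and keep non-zero counts.
    $seenOn = foreach ($dc in $otherDCs) {
        try {
            $copy = Get-ADComputer -Identity $computer.DistinguishedName `
                -Server $dc.HostName -Properties logonCount -ErrorAction Stop
            if ($copy.logonCount -gt 0) { '{0}={1}' -f $dc.Name, $copy.logonCount }
        } catch {
            Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Name                  = $computer.Name
        OperatingSystem       = $computer.operatingSystem
        LogonCountOnConsoleDC = [int]$computer.logonCount   # $null becomes 0
        LogonsOnOtherDCs      = ($seenOn -join '; ')
    }
}

# An empty LogonsOnOtherDCs column means no DC has recorded a logon for that computer.
$report | Sort-Object Name | Format-Table -AutoSize
```

Computers that show a count on another DC but 0 on the console's DC match the condition described in this article and can be deployed to manually from Enterprise Console.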