Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 3059 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Changing Update Manager Server

BeTheHopeful

Is there a way, outside of the Enterprise Console, to control what Update Manger server a client uses after the agent is installed (i.e. group policy)?

We apply our group policies at the site level using AD Site and Services, and our OU structure is not configured based upon sites; so creating groups in the SEC would be a very difficult task for over 15,000+ clients.

Thanks,

Tim

:4768


This thread was automatically locked due to age.
  • 0

    Hello Tim,

    trying to understand your question: You (want to? - are you in the planning phase or have you already deployed Sophos?) all 15,000+ clients from one SEC. You have additional SUMs for the sites? And you want the clients to update from their "nearest" SUM? Or are you talking about several management servers?

    Anyway - the updating policy is only one type of policy. I don't think you can manage that many clients without some group structure - and running practically unmanaged is not a good idea.

    If you give us some more details about your (planned) setup it'd be easier to suggest something. BTW: yes, you could distribute an updating policy using GPOs (although it's not the recommended way :smileywink:).

    Christian

    :4773
  • 0

    Christian,

    We are in the Planing/Testing phases. We'll have one SEC and set up additional SUMs for the sites, and we would like the clients to point to the nearest one without having to manually move them into seperate groups in the SEC.

    I hope that answers your questions.

    Thanks,

    Tim

    :4776
  • 0

    Hello Tim,

    I don't know how familiar you are with the concepts of SEC and what you've already been told. Let me mention a few things.

    As I said the groups are the basis for policy assignment. You need them if you want or have to apply different policies. You also need groups if you want to use Roles and Sub-estates (which is probably a good idea). Back in SEC3.1 it was recommended that a group should contain no more than 1000 clients but I don't know whether this is still true.

    Another point to consider is the number of network connections on your management server. Message relays can reduce the number of concurrent connections.

    As your main problem is to set up a group structure and get the clients into it using Protect computers is out of the question. Well, what would I do?  

    1. Start with the SUMs (and configure them as message relays). Create a group for each SUM (e.g. SUMSitenn under the root, create and assign the appropriate policies and move the SUMs to their group.
    2. Use GPOs (or a equivalent method which you can apply on the site-level) to install Sophos on the clients. This could be a simple script to install from the correct CID or a package. Specify the -G parameter on setup.exe with the desired group (e.g. \\YOURSERVER\SUMSite01 - it is case sensitive). As clients install they will be moved to the correct group for future management.
    3. Create subgroups and move the clients as necessary.   

    Hmm, almost sounds too easy. Is there a way, outside of the Enterprise Console, to control what Update Manger server a client uses after the agent is installed. As outlined above you make the settings before install. Even if you mess up with the -G parameter you can later "mass move" them to their groups as they should report their update location to SEC (which is the initial install directory). You can sort them by update location (well, you'll probably not install all of them at once), select and drag.

    HTH

    Christian

    :4782
Unfiltered HTML