This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise read-only console

I am running Console v3.1 and would like to setup the read-only console for a user. I have the role based-admin guide but cannot find the installer for the read-only console. Suggestions?

This thread was automatically locked due to age.

0 mnaylor over 15 years ago

The document actually mentions "Sophos Help Desk Console.msi" as the installer. Is it not a different installer?
:2487
0 QC over 15 years ago

Only for Version 3.x. From SEC 4.0 on it's only one console and the functionality is only "controlled" by configuring roles and sub-estates.

It seems the downloads of the special consoles have been removed from the website. Guess you still can have them though if you insist but since - as Sandy said - 4.0 is current (and required for SAV 9 which includes additional features) and will be 4.5/9.5 soon (with even more features) I second the recommendation (BTW: you can't upgrade to 4.5 directly from 3.x as far as I know).

Christian
:2498
0 mnaylor over 15 years ago

I'm planning the upgrade/migration to v4 this summer...already have the docs from tech support. I need to set up the read-only console in response to a request from my director. Can someone provide me with the DL links or so I need to open a support request?
:2552
0 SophosAV over 14 years ago

OK, so I want a "Read Only" console for the Plebs and I don't want them to be able to move or delete computers, assign policies or protect computers within the Enterprise Console! However, there are 9 DEFAULT rights for a new role that are fixed and unchangeable :smileysad: That's not exactly what I would call flexible....
Below are the default rights that are assigned to new roles and useless if you want a Read Only console in v4 - v4.5;
Find computers.
Import computers from a file.
Import computers and containers from Active Directory.
Synchronize a group with Active Directory.
Change group synchronization properties and remove group synchronization.
Protect computers.
Move and delete computers.
Create, rename, move and delete groups.
Assign policies to groups.
:10441
0 QC over 14 years ago

Hello SophosAV,

maybe you "misread" the GUI - the list is the description of the first available right (Computer search, protection and groups), not the list of "basic rights".

I'm not sure if a role without rights will work (and too lazy to test, I'll leave this to you:smileywink:) - if not, the Report configuration right looks pretty harmless.

Christian
:10447
0 SophosAV over 14 years ago

Yeah, thanks QC, I was getting all upset over nothing :smileyvery-happy:. It IS just a description. I tested the Guest role and does appear to be read only, so happy days! I can now assign my plebs (inc me!) to the Guest role...
:10453
0 SophosAV over 14 years ago

I just wanted to update this thread in-case anyone else has the same issue. I installed the remote console and made the user a member of the Read Only group and Read Only sub-estate I setup. I then added the same user to the local "Sophos Console Administrators" group on the Sophos Managment server. Unfortunately, I got the error message that the user should be a member of the "Sophos Console Administrators" group, which she already is. So, after checking the following KB (http://www.sophos.com/support/knowledgebase/article/14891.html) I noticed that is says (at the very bottom) to add users to the Local "Distributed COM Users" group on Win2k3 servers. I done this and now have a remote v4.5 console ;)
:10763