
Passthru for remote management console

Hi,

As told by the Sophos guy, we have to build up an AD trust between the HQ & remote offices before allowing the remote admin PC to monitor their own PCs via the management console. However, for some reason we cannot build up the trust relationship.

I just thought, does it work if I set up a passthru a/c for the remote PC on the Sophos Server in HQ, and then install the remote management console on the remote admin PC, which is logged in with a domain a/c AND there is a same user a/c with the same pwd as the domain one? Does it work once I permit the same local a/c on the Sophos Server and put it in the proper role / group?

  • Hello Uncle_Ben,

    describes a similar problem. I've written the answer for 4.0 but it still works on 4.5. Haven't tried it domain to domain but it might work. The crucial point is adding the user (in this case the user's SID) to SEC. Be aware that this is a hack ...

    Christian

  • Well... it makes me confused and I really don't understand the details......

    I also don't understand what you mean by adding the user's SID to SEC....

    Can you give an outline of the details? Thanks!

    MY case:

    Sophos Server on AD1 (AD1 domain a/c: abc) <------VPN-------> PC on AD2 (login AD2 domain a/c as abc with same pwd)

    [1] Want to use SEC in PC on AD2

    Remark: There is a local a/c 'abc' with same pwd as AD1 & AD2.

  • Well ... the basic requirement is that you can connect to SERVER.AD1.your.com from PC.AD2.your.com, for example \\SERVER.AD1.your.com\SomeShare. If there is a trust this should work without specifying "different credentials". Otherwise you have to specify an account from AD1 (assuming you permit access from outside the domain). As said in the thread you'd save these credentials for accessing SERVER. The AD1 user must belong to required groups (the same requirement as for using a remote console inside AD1).

    If you open the console on PC it should tell you that the user is not assigned to a sub-estate. On SERVER using SEC you open Manage roles ..., Edit the desired role, Add... and in the Enter the object names ... pane you type AD2.your.com\abc (or perhaps abc@AD2.your.com). It will prompt you for credentials to access the user information on AD2 and then add the user.

    Christian   

  • QC,

    Yeah~ It works now! The workaround solution is logical, now the remote PC can run the SEC to monitor their region hosts.

    Thanks a lot~~