
<Find New Computers> How does it work?

Hi folks,

Can someone tell me what SEC does when I click on the <Find New Computers> button? Is it interrogating a domain controller, is it using specific protocols, etc.? Would like a walkthrough if someone can point me to it.

Thanks in advance,

Yabusame.

  • A few things come to mind on this topic:

    If you're using an IP find, http://www.sophos.com/support/knowledgebase/article/16436.html gives some information on what is going on and how you can tweak it to get the best results for your network.

    If you're using AD as the source (this is the most efficient and typically the most reliable I would think), I suspect it goes to the global catalog server, so port 3268 (http://technet.microsoft.com/en-us/library/cc978012.aspx) would be contacted; TCPView or Process Explorer could back this up.

    If you're using Windows networking search, then standard master browser stuff is at play.  So make sure the SEC server can see most of the machines in the Windows network view.

    It is worth bearing one thing in mind: when you're in the wizard in SEC it is running as the logged on user; when the management service acts on the data it is running as local system and therefore connects to the global catalog server as the machine account of the management server. As an example, if you set up a sync point you do so in the wizard, so you might be able to configure container A to be synced with SEC group A. This is written to the database as the config; the management service reads the config, attempts to connect to AD and is unable to, due to permissions. I'm not saying this will happen, but in theory it could, and it is worth being aware of the 2 user contexts that are in play between the GUI and the service.

    I hope this offers some information.

    Jak
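
A way to check the two points raised in the reply above (global catalog reachability on port 3268, and the difference between the logged-on user and the machine account), added here as an example and not taken from the original post or from Sophos. It assumes Windows PowerShell on the domain-joined management server; the container DN is a placeholder.

```powershell
# Added diagnostic example, not Sophos code.
# Run once as the console user and once as LocalSystem, then compare the output.
param(
    # Placeholder DN (assumption): replace with the container you intend to sync.
    [string]$ContainerDn = 'OU=Workstations,DC=example,DC=local'
)

Add-Type -AssemblyName System.DirectoryServices

function Get-GcComputerCount {
    param([string]$SearchBaseDn)
    # The GC:// provider binds to a global catalog server (TCP 3268)
    # using the credentials of whoever is running this script.
    $root = New-Object System.DirectoryServices.DirectoryEntry("GC://$SearchBaseDn")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = '(objectCategory=computer)'
    $searcher.PageSize = 500          # page through large containers
    [void]$searcher.PropertiesToLoad.Add('name')
    $results = $searcher.FindAll()
    try { return $results.Count }
    finally { $results.Dispose(); $root.Dispose() }
}

# Which security context is this run using?
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

# Locate a global catalog for the current forest and test the port.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$gcName = $forest.FindGlobalCatalog().Name
$portOk = (Test-NetConnection -ComputerName $gcName -Port 3268).TcpTestSucceeded

# A bind or read failure here is the permissions problem described above.
try {
    $count  = Get-GcComputerCount -SearchBaseDn $ContainerDn
    $status = 'OK'
} catch {
    $count  = $null
    $status = $_.Exception.Message
}

[pscustomobject]@{
    RunningAs       = $identity
    GlobalCatalog   = $gcName
    Port3268Open    = $portOk
    Container       = $ContainerDn
    ComputerObjects = $count
    Status          = $status
}
```

To get the LocalSystem view, run the same script from a scheduled task configured to run as SYSTEM; a lower count or an error in that run, compared with the interactive run, points at the machine account's permissions on the container.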
