Hi Guys,
I have a server that has the management console installed on it. It is not the main server.
I am trying to set this up so my helpdesk can carry out delegated functions without having to RDP onto the main server.
I have found that in order to launch this remote console they need not only to be a member of the Sophos Console Administrators group (I got that from the original error message) but also local administrators on the actual main server (kind of defeats the object..)
Anyone have any idea what I need to change on the main server to allow them to run the console without being a local admin?
Many Thanks,
Max
Thanks for the reply Christian,
Sadly unless I'm missing something (which is quite likely) that tag only brings up 4 threads, none of which quite mirror my issue.
It's clear to me that to run the console you need some kind of permission on the main Sophos server that is not within the SEC, as these permissions are fine, and not the console admins local group, as this is also fine.
I'm guessing it's a right to a file or service on the server that Power Users doesn't give but local admin does. I just need to know what it is.
The remote console installation is fine, as if I run it as a domain admin it works, and if I grant a test account elevated rights it also works. The second I remove them.. Computer says no!!....
Thanks,
Max
Hi,
For a non admin user on the SEC server, I would suggest you:
Add the user account or domain group they are a member of to the relevant sub-estate, and assign them to or create an appropriate role in SEC.
Ensure that the user or group is a member of:
Sophos Console Administrators
Distributed COM Users
Hope this is useful.
Jak
Hello Max,
Sadly ...
Perhaps too many details at once :-). Well, as jak said, you need some group membership. Looked at one of my management servers ... so, the following groups are necessary:
Distributed COM Users
Sophos Console Administrators
Sophos DB Users
For more privileges:
Sophos DB Admins
Sophos Subestate Admins
If the users should be able to Protect Computers they must have the Allow log on locally permission (Local policies/User Rights Assignment).
Feel free to ask again if this doesn't solve your problem.
Christian
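
The group memberships listed in the replies above can be checked on the management server with a short script. This is an added example, not something posted by anyone in the thread; it assumes PowerShell 5.1 or later in an elevated session, and `CONTOSO\SEC-Helpdesk` is a placeholder for your own helpdesk group.

```powershell
# Added example: audit a delegated helpdesk group on the SEC management server.
# Confirms the local group memberships named in this thread and flags
# membership of local Administrators, which the delegation is meant to avoid.

# ASSUMPTION: placeholder name, replace with your own domain group or user.
$Principal = 'CONTOSO\SEC-Helpdesk'
# Set to $true to add missing memberships instead of only reporting them.
$Fix = $false

# Groups the replies list as necessary for the remote console.
$required = 'Distributed COM Users', 'Sophos Console Administrators', 'Sophos DB Users'
# Membership the original poster wants to remove.
$unwanted = 'Administrators'

function Test-DirectMember {
    param([string]$Group, [string]$Name)
    try {
        $members = Get-LocalGroupMember -Group $Group -ErrorAction Stop
    } catch {
        # Missing group or unreadable membership: report as unknown ($null).
        Write-Warning "Could not read '$Group': $($_.Exception.Message)"
        return $null
    }
    # Direct membership only; nested domain groups are not expanded here.
    return [bool]($members | Where-Object { $_.Name -ieq $Name })
}

foreach ($group in $required) {
    $isMember = Test-DirectMember -Group $group -Name $Principal
    if ($isMember -eq $false -and $Fix) {
        Add-LocalGroupMember -Group $group -Member $Principal -ErrorAction Stop
        $isMember = $true
    }
    [pscustomobject]@{ Group = $group; Expected = 'member'; IsMember = $isMember }
}

# Least-privilege check: the helpdesk group should not be a local admin.
[pscustomobject]@{
    Group    = $unwanted
    Expected = 'not a member'
    IsMember = Test-DirectMember -Group $unwanted -Name $Principal
}
```

The script does not check the Allow log on locally right mentioned for Protect Computers, and it does not cover role and sub-estate assignment inside SEC.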