Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 5649 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Lock down Endpoint policies

David_Infinity

Hi,

New to Sophos, have just installed EndPoint and pushed out the client and policies to all workstations. I have noticed that clients are able to make changes to the policies defined by the server on their local workstations throwing up a warning on the server that the policies do not match.

My question is, is there anyway to lock the policies pushed out to the clients to stop them making changes?

Thanks in advance for any assistance.

:1046


This thread was automatically locked due to age.
  • 0

    Hi,

    You most likely have added the local users to the local Administrators group of the system. At install time, Sophos Anti-Virus creates a couple of groups, one being the Sophos Administrators group. This group grants its members full rights to change scan settings and such on the client. During the installation, any members of the local Administrators group are added to the Sophos Administrators group. That said, simply removing the users from the Sophos Administrators group will lock down the policies so they cannot be changed by the user. However, since the users are still local Administrators, they could add themselves back to the Sophos Administrators group if they knew how and had the necessary access. Other security measures should be put in place if other 3rd party application functionality requires that the user be a local Administrator of the system. (IE, lock down access to the computer management snapin, utilization of restricted groups, etc.)

    Regards

    :1048
  • 0

    Hi,

    Sorry to hijack the thread but I'm having the exact same issue. Users are able to turn off Data Control, Firewall and Device control.

    I've removed all domain accounts from the local and Sophos admins groups, restarted, reapplied policies and still I'm able to remove/modify policies.

    Obviously I can just re-apply the policies from the console but it'd be better if we could prohibit changes altogether.

    Any other ideas?

    EDIT - Forgot that my account was a member of SophosDomainAdministrators. Removed myself and all work fine - apologies!

    :1093
  • 0

    Hello

    See you the Beta for Endpoint Security and Control 9.5, this have Tamper proofing to prevent end users from uninstalling Sophos.

    If I'm in the correct this option will be block too to the access to Sophos configuration.

    Really, I waiting for this beta because the actual Sophos Policie is poor.

    Regards,

    Linck Tello Flores

    :1097
Unfiltered HTML