Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 5650 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Lock down Endpoint policies

David_Infinity

Hi,

New to Sophos, have just installed EndPoint and pushed out the client and policies to all workstations. I have noticed that clients are able to make changes to the policies defined by the server on their local workstations throwing up a warning on the server that the policies do not match.

My question is, is there anyway to lock the policies pushed out to the clients to stop them making changes?

Thanks in advance for any assistance.

:1046


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    You most likely have added the local users to the local Administrators group of the system. At install time, Sophos Anti-Virus creates a couple of groups, one being the Sophos Administrators group. This group grants its members full rights to change scan settings and such on the client. During the installation, any members of the local Administrators group are added to the Sophos Administrators group. That said, simply removing the users from the Sophos Administrators group will lock down the policies so they cannot be changed by the user. However, since the users are still local Administrators, they could add themselves back to the Sophos Administrators group if they knew how and had the necessary access. Other security measures should be put in place if other 3rd party application functionality requires that the user be a local Administrator of the system. (IE, lock down access to the computer management snapin, utilization of restricted groups, etc.)

    Regards

    :1048
Reply
  • 0

    Hi,

    You most likely have added the local users to the local Administrators group of the system. At install time, Sophos Anti-Virus creates a couple of groups, one being the Sophos Administrators group. This group grants its members full rights to change scan settings and such on the client. During the installation, any members of the local Administrators group are added to the Sophos Administrators group. That said, simply removing the users from the Sophos Administrators group will lock down the policies so they cannot be changed by the user. However, since the users are still local Administrators, they could add themselves back to the Sophos Administrators group if they knew how and had the necessary access. Other security measures should be put in place if other 3rd party application functionality requires that the user be a local Administrator of the system. (IE, lock down access to the computer management snapin, utilization of restricted groups, etc.)

    Regards

    :1048
Children
No Data
Unfiltered HTML