Historical context:
We have a single Sophos server running Enterprise Console ver. 4.0.0.2362. Our Three primary groups were created by synchronizing with each of our domains; FMT (parent domain and the location of our Sophos server), FHS (child), FPS (child).
Until now, our rollout of sophos clients (replacing existing Symantec client) has been local to the high school, which is the core of our network and the physical location of our Sophos server. This site consists of 400 or so clients and these installs have been reasonably smooth. We are now ready to distribute Sophos clients to each of our elementary schools. Given already congested T1 connections to each of our other sites we want to set up distribution servers at each of these sites.
These 5 remote locations are all members of the FPS child domain. The Active Directory hierarchy is broken down first by site (efs ou, nws ou, iar ou, etc) and then by object (iar students, iar faculty, iar computer, etc). The computer container is then broken down by rooms or areas (library, room 102, lab 01, lab 02, etc) for the purposes of assigning resources via AD group policy.
I have Sophos Enterprise Console installed at the first of these (IAR), in the FPS child domain. I have created an Update Policy for IAR, which is where my questions begin.
Sophos1 = Primary Sophos server at WAN core.
Sophos2 = Distributed Sophos server at remote location
I have edited the update policy for my first site (IAR) and changed the Primary Server address from Sophos1\sophosupdate to Sophos2\sophosupdate.
Would best practice be to use Sophos1 as my Secondary Server?
Are there any other concerns when setting up a server at a remote site?
Now that I've modified my new IAR Update Policy I need to apply it to all of the computers in the IAR OU synched container. However, I can't find a way to change all subgroups to this new policy. I have hundereds of subcontainers throughout the district (just about 1 for every room in every building) and won't be happy to find that I have to edit each group individually.
Please tell me there is a way to allow subgroups to inherit policy info from parent containers.
If not, what is the easiest way for me to make this change and have the change propagate to subcontainers?
Any other hints about how to make Sophos run smoothly in this environment would be most welcome.
This thread was automatically locked due to age.
