This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Scripted push of the "Comply with Policy" task

I have several humdered machines on site that state they are "Differs from Policy" this is because of a change to the AV policy since the build of the "Gold Image", I can, from the Sophos Enterprise Console, select all machines with the Differs from Policy issue and Right-Click and "Comply with AV/HIPS Policy", however I would like this to be an automated process once an hour.

i.e. a winodws scheduled task on the sophos sec server that communicates with the Management Server and perfoms the "comply with " RMS message

Can you Help?

:22747


This thread was automatically locked due to age.
Parents
  • SHIGGS,

    I have no idea how this could be hacked into the current implementation (apart from the fact that this would be a somewhat dangerous feature). There is no interface available.
    A client does not request the policies once it is installed. SEC pushes a policy when a different policy is assigned (this includes the client being moved to another group with a different policy), the assigned policy changed or "comply with" is requested.

    Anyway IMO the "correct" behaviour would be that imaged clients request the policies from the console when they start. Maybe this could be done but I don't know the details. I suggest you contact Support directly.
    [edit:] just read your post, Jak. Thought along the same lines but was reluctant to suggest it as I don't know how reliable it is. That is, for a significant number of clients the "Awaiting policy transfer" after install does not change unless compliance is enforced. No problem for me but here this would be.

    Christian
    :22833
Reply
  • SHIGGS,

    I have no idea how this could be hacked into the current implementation (apart from the fact that this would be a somewhat dangerous feature). There is no interface available.
    A client does not request the policies once it is installed. SEC pushes a policy when a different policy is assigned (this includes the client being moved to another group with a different policy), the assigned policy changed or "comply with" is requested.

    Anyway IMO the "correct" behaviour would be that imaged clients request the policies from the console when they start. Maybe this could be done but I don't know the details. I suggest you contact Support directly.
    [edit:] just read your post, Jak. Thought along the same lines but was reluctant to suggest it as I don't know how reliable it is. That is, for a significant number of clients the "Awaiting policy transfer" after install does not change unless compliance is enforced. No problem for me but here this would be.

    Christian
    :22833
Children
No Data