We have Sophos 10. Currently when a new machine is added to our Domain, it runs a script which installs the Endpoint software onto the machine. The issue is that the new machine shows up in the 'Unassigned' group which doesn't get any policies until we move it to a different group. Is there a way for the system to assign new machines to an existing group by default either in the console or via a script when installed? Thanks!
You will need to use the -g switch if you are running setup.exe as per:
The way it works means you could move the machine post install if required. For example:
.\setup.exe [otherswitches] -g "\ServerName\Servers\2003 computers"
Note: It is case sensitive and you have to include the server name.
Setup.exe writes a reg key with this "path" here:
HKLM\Software\[wow6432node]\Sophos\Remote Management System\ManagementAgent
String value of "GroupPath ", with the value in this case of "\ServerName\Servers\2003 computers ".
Then, when the Sophos Agent gets installed as part of RMS, this reg value is read by the service, and a message goes back to the management server to move the machine. The key is removed to save the message keeping going back.
So, you could, if it makes more sense, create the key and restart the Sophos Agent service and it would also move it.
Hopefully you can incorporate this into your deployment scripts and that you have some logic to map the machines to group. Maybe be you just need a couple of "bootstrap" groups in order to get a policy or some sort to the machines to make the logic easier on the client.