Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 2056 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible group enumeration bug in 4.5

DavidRickard

I've found an issue with EM Console. 

Microsoft best practices say that you should not add users directly to Domain Admins. We've got a brand new domain, where we've created a system admins group (which is a member of Domain Admins) and then we add our admin users to that group.

However, users added that way won't work with EM Console. It just says they don't have rights to the console. Move the user directly into Domain Admins, and it does work. 

I've not tested it massively, but it also affected installation too. Can anybody else confirm this behaviour?

:3715


This thread was automatically locked due to age.
Parents
  • 0

    It isn't - domain admins are members of the Sophos Administrators group.

    Also, during installation I was using my domain admin account, and it was failing miserably to find the domain. As soon as I logged in as THE domain administrator, it worked.

    Longer term, I'll probably be inclined to do the groups more explicitly. But still, it should still be able to enumerate those groups, surely?

    :3721
Reply
  • 0

    It isn't - domain admins are members of the Sophos Administrators group.

    Also, during installation I was using my domain admin account, and it was failing miserably to find the domain. As soon as I logged in as THE domain administrator, it worked.

    Longer term, I'll probably be inclined to do the groups more explicitly. But still, it should still be able to enumerate those groups, surely?

    :3721
Children
No Data
Unfiltered HTML