Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 2509 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bug: Sophos Enterprise Console loosing Computer Description after Endpoint Setup

StefanHaßlinger

When importing new Computer-Objects in Enterprise Console from AD, the description field is filled like it should (with the information typed int the description of the object in AD).

But when this computer is installed with Endpoint Protection, directly after install, the Description is lost (shown empty) in Enterprise Console but the Description itself

is still present in AD.

 

Workarrount is to modify the tables in the Database itself to get it back, but i think this is not the way by design :-)

 



This thread was automatically locked due to age.
  • 0

    Hello StefanHaßlinger,

    it is not a bug. While the field is populated with the AD information it is eventually set to the value (could be none) reported by the endpoint. The endpoint in turn reports the Computer description from the System Properties. A different description can be set when running setup.exe or it can be overridden later at any time.


    modify the tables (You should never do this [:)])
    The authoritative source for a computer's attributes in SEC is the endpoint, not AD (and not a manual update).

    Christian

  • 0 in reply to QC

    Hi Christian,

     

    hmm, i can't really aggree with your explanation (at least i aggree with modify tables :-)...). Because the fields are already set by the companies Administrator, he want to have that information which he alredy set and which Sophos Endpoint Console is correclty displaying after import or in other words before the client is rolled out.

    Alltrough, the desctipion of Support Articel https://community.sophos.com/kb/en-us/12570 you provided also says that:
    "Specify a computer description to override the one used in Windows. This description will appear in Enterprise Console."

    So the article confirms what i mean. However like i said, he already has it before setup but he clears it. May, if the local Machine is the source at installation time, this may is just
    the wrong order for the in-build "Import Description Function". It should be AD first, if none, then local computer.

    So this is a bug from my or the customer's side of view.

    Steve

  • 0 in reply to StefanHaßlinger

    Hello Steve,

    i can't really aggree with your explanation
    understandable from your POV (and nit-picking: You can't agree with what I describe [;)]).
    To clarify: SEC is not domain-oriented (even AD-sync is only a loose connection with limited functionality). AD is just one source for certain information, whether you import computer names from a file, from AD, or obtain them by other means doesn't matter. SEC manages all endpoints that register (after installation of the Endpoint software) regardless of their domain or workgroup membership. If there is already a matching stub object (e.g. from AD) it is used to move the computer object to the applicable group - nothing more. Naturally the endpoint must report the correct domain and basically name (obviously) and OS (as this can be considered to be set from the computer) must match. AD's computer description and a computer's local description attribute are not synchronized (i.e. a change on one side is not reflected on the other).
    Even AD sync is not an AD-oriented management tool or an AD-extension. It's nothing more than an electronic monkey that replicates the OU-tree as SEC groups and moves computers from one group to another if necessary.

    So, sorry, it's not a bug. You can request it as a feature (personally I doubt that you'll get it unless SEC and the management logic is completely rewritten). 

    Christian

Unfiltered HTML