Install Endpoint on unassigned/non joined to domain but manage it via console

Hello Ben@ryehills,

currently appears in the unassigned area of Sophos console
how did it get there? By using Discover or Import and it appears unmanaged (grey)? Please note that unmanaged in terms of SEC means that the computer is "known" to SEC for some reason but Sophos has not yet been installed on it. Whether it's part of a domain or not has no relevance.

Christian

Hi Christian,

Not sure really but it must of appeared by using Discover somehow or when the console refreshers. I have created a group in SE Console and moved the workstation in to that folder to give me the "Protect Computers" option. But this will not work because (I'm guessing) it needs matching local / network account to let the install work correctly.

Ben

Hello Ben,

it needs matching local / network account
correct. The credentials you enter are used for accessing the share and for install, either this is a domain account with the necessary rights or matching local accounts on the SEC server and the endpoint.
If this isn't possible then you have to log in to the endpoint and install manually from the CID.

Christian

Thanks Christian,

I will try the manually install and report back. Should it automaticity find the Sophos server or do I need to add access information to allow to talk to the console. 

Hello Ben,

the necessary information is in the CID (in mrinit.conf) so the endpoint should be able to talk to the console when you run setup.exe from there (or a package built from the CID). Of course the endpoint must be able to resolve the path in the updating policy (if using UNC it's normally \\ServerNetBIOS\SophosUpdate\). 

Christian

Hi Christian,

Sorry for the delay, thanks for you help I got it working with a few tweaks to the windows 10 firewall.

Ben