Changing Updating Policy on Sophos Enterprise Console

Hello Ahmad Anggra,

must make change [...] one by one [?]
to get around this is the very purpose of central management. If you change the credentials (username or/and password) in the policy the settings on the endpoints will be updated accordingly. This is the simple part.

Do I understand correctly that you will change the domain (name)? If so, you'd have to uninstall and reinstall, and furthermore you won't be able to restore the database (in other words continue to use your existing setup and configuration). I see from the screenshot that you have a simple structure with an AD synchronized group tree and one additional group so this isn't exactly an Herculean task.

Christian

Hello Ahmad Anggra,

must make change [...] one by one [?]
to get around this is the very purpose of central management. If you change the credentials (username or/and password) in the policy the settings on the endpoints will be updated accordingly. This is the simple part.

Do I understand correctly that you will change the domain (name)? If so, you'd have to uninstall and reinstall, and furthermore you won't be able to restore the database (in other words continue to use your existing setup and configuration). I see from the screenshot that you have a simple structure with an AD synchronized group tree and one additional group so this isn't exactly an Herculean task.

Christian

Hi Cristian,

Thanks for your answer.

It is good that server will push configuration to it client agent. 

Yes we will change domain name because we are migrating from old domain controller to new domain controller due to policy from our HQ.

Are there any work around for this case? Does reinstall the Sophos Enterprise Console will resulting we need to reconfigure the Endpoint Security and Control as well

Or it will not affect the Endpoint Security and Control because we not change the server IP addres of Sophos Enterprise Console

Please let me know you suggestion sir.

Hello Ahmad Anggra,

the server IP (unless you have put it in the updating policy or have configured RMS to use only the IP) is unimportant as normally the server is found by its name.

In any case you have to redefine the AD Synchronization. This will AFAIK result in a duplication of the synced endpoints and clutter the console. To continue to work with your existing database you'd need assistance from Support and to my knowledge this is not covered by basic support - there will be a charge.
Apart from the minor task of redoing the policies an install from scratch results in the loss of historical data - something you perhaps can live with.

IMO it's better to follow the recommendation and uninstall SEC and all other Sophos components from the management server. Before doing so set the Secondary update location to Sophos so that your endpoints (assuming they can download from the Internet) will stay up to date. The uninstall will leave the Certification Manager keys behind so that the reinstalled management server will continue to manage the endpoints. This might cause the above mentioned problems (and clutter) when you establish AD sync. As you're in an AD environment you're likely able to (re-)protect your endpoints from the console. Therefore I'd suggest (just my personal opinion, if you have doubts please consult Support or a Sophos Partner) to remove these keys prior to reinstall. After the installation re-establish AD sync and reprotect your endpoints.

Christian