This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Changing Updating Policy on Sophos Enterprise Console

Hello,

We are using Sophos Enterprise Console 5.5.1 and Sophos Endpoint Security and Control Version 10.8.

On near future we will migrate our domain control and I have concern regarding migrating domain controller server will affect sophos AutoUpdate feature since the username and password for AutoUpdate will be no longer valid if our Sophos server under new domain controller.

I have several question for this kind matter:

1.) what are configuration will be affected if we are migrate Sophos server to our new domain controller domain?

2.) Does change updating policy on Sophos Enterprise Console username and password will change Sophos AutoUpdate username and password as well?

My concern is when we are migrate the Sophos server and we must change username and password in Sophos Enterprise Console updating policy than we must make change to Sophos Endpoint Security and Control one by one which quite tedious because we are have around 200 client PC.

 

Thanks.



This thread was automatically locked due to age.
Parents
  • Hello Ahmad Anggra,

    must make change [...] one by one [?]
    to get around this is the very purpose of central management. If you change the credentials (username or/and password) in the policy the settings on the endpoints will be updated accordingly. This is the simple part.

    Do I understand correctly that you will change the domain (name)? If so, you'd have to uninstall and reinstall, and furthermore you won't be able to restore the database (in other words continue to use your existing setup and configuration). I see from the screenshot that you have a simple structure with an AD synchronized group tree and one additional group so this isn't exactly an Herculean task.

    Christian

  • Hi Cristian,

     

    Thanks for your answer.

    It is good that server will push configuration to it client agent. 

    Yes we will change domain name because we are migrating from old domain controller to new domain controller due to policy from our HQ.

    Are there any work around for this case? Does reinstall the Sophos Enterprise Console will resulting we need to reconfigure the Endpoint Security and Control as well

    Or it will not affect the Endpoint Security and Control because we not change the server IP addres of Sophos Enterprise Console

     

    Please let me know you suggestion sir.

Reply
  • Hi Cristian,

     

    Thanks for your answer.

    It is good that server will push configuration to it client agent. 

    Yes we will change domain name because we are migrating from old domain controller to new domain controller due to policy from our HQ.

    Are there any work around for this case? Does reinstall the Sophos Enterprise Console will resulting we need to reconfigure the Endpoint Security and Control as well

    Or it will not affect the Endpoint Security and Control because we not change the server IP addres of Sophos Enterprise Console

     

    Please let me know you suggestion sir.

Children
  • Hello Ahmad Anggra,

    the server IP (unless you have put it in the updating policy or have configured RMS to use only the IP) is unimportant as normally the server is found by its name.

    In any case you have to redefine the AD Synchronization. This will AFAIK result in a duplication of the synced endpoints and clutter the console. To continue to work with your existing database you'd need assistance from Support and to my knowledge this is not covered by basic support - there will be a charge.
    Apart from the minor task of redoing the policies an install from scratch results in the loss of historical data - something you perhaps can live with.

    IMO it's better to follow the recommendation and uninstall SEC and all other Sophos components from the management server. Before doing so set the Secondary update location to Sophos so that your endpoints (assuming they can download from the Internet) will stay up to date. The uninstall will leave the Certification Manager keys behind so that the reinstalled management server will continue to manage the endpoints. This might cause the above mentioned problems (and clutter) when you establish AD sync. As you're in an AD environment you're likely able to (re-)protect your endpoints from the console. Therefore I'd suggest (just my personal opinion, if you have doubts please consult Support or a Sophos Partner) to remove these keys prior to reinstall. After the installation re-establish AD sync and reprotect your endpoints.

    Christian