Cannot Manage Endpoints created from gold image

Question

Hi 
 
 We pushed out a gold image with Sophos AV included without correctly preparing the program (removing all componenents apart from autupdate) so we now have loads of machines in limbo mode that cant be managed from the SEC. Is there any way we can centrally control the removal of the client software without manually removing tamper protect from every machine. The client version is 10.8 
 We have tried moving them to an OU to disable tamper protect and several other methods but none are successful. 
 Can we use the MSI with the Sophos Admin credentials to disable tamper protect and uninstall the product? 
 the gold image has now been corrected following the Sophos KB but we still have about 400 machines that cannot be managed 
 
 many thanks for any suggestions

MEric · Accepted Answer

Hi Richard, 
 I'd try creating a redirection script from Sophos Enterprise Console and running it on an issue endpoint. The script will reinitialize Sophos RMS (Communication service). This may get them managed again without the need to uninstall or reinstall and can also be automatically pushed out via GPO. 
 https://community.sophos.com/kb/en-us/116737 
 After creating this, test it by running it on a single endpoint in an administrative command prompt (As you cannot right click > Run as admin on .vbs files). You may need to restart Sophos Agent and Sophos Message Router service after or just perform a reboot. 
 If the endpoint still cannot be managed then a reinstall may be required. The KB below may assist with automating it. If you did not enable enhanced Tamper Protection, you can include a line in the script to stop the Sophos Anti-virus prior to removal and this should override Tamper Protection, otherwise try including this command prior to uninstall: "C:\Program Files\Sophos\Endpoint Defense\SEDcli.exe" -TPoff <password> 
 https://community.sophos.com/kb/en-us/109668