Default Policy for Unassigned Machines

Question

When Endpoint Protector is installed on a new PC on our network the PC ends up in the "Unassigned" group in SEC. The problem with this, for us, is that you cannot apply policies to that Unassigned group. So EPP gets installed (sometimes by our Users), but until us System Admins take further action Sophos is not really doing anything. 
 We need policies to be active as soon as Endpoint is installed.. So... How can we force new installs to go into a default group instead of "Unassigned"? OR, alternatively, how can we apply a default policy to that "Unassigned" group? 
 Any suggestions would be welcomed, thanks in advance.

QC · Accepted Answer

Hello DennisSeaton, 
 Sophos is not really doing anything Unassigned means that no policies are transferred to the endpoint, it does not mean no settings are in effect. Please see Recommended settings for Anti-Virus and HIPS . Depending on your deployment method ( sometimes by our Users - do you use the Deployment Packager?) updating should (could) be configured correctly (that's probably your major concern). Please see also Command line parameters used by Setup.exe , in particular the -G parameter for setting an initial group. 
 Christian