Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 2 subscribers
  • Views 4906 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC migration to Sophos Central

BSRIA-

I have moved from on-premise SEC to Sophos Central (Cloud).  All client machines and servers now update from the Cloud and SEC has been removed and uninstalled.

 

Does anyone know which users/groups were part of SEC / CID method and can be deleted?

 

I still have : 

Groups

Sophos DB Admins

Sophos DB Users

Sophos EC Users

Sophos Full Adninistrators

SophosAdministrator

SophosDomainAdministrator

SophosDomainPowerUser

Users

SophosRemote

SophosUpdateMgr

SophosUser

and

two SophosSAU(ServerName)0 accounts

 

are these all safe to go now that everything is central?

 

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Can be removed:

    Sophos DB Admins 
    Sophos DB Users 
    Sophos EC Users
    Sophos Full Administrators
    SophosUpdateMgr  (by default this is the account used by the clients in their updating policy to fetch updates from the server, if no clients are updating from the old management server it can be removed)

    Keep:

    SophosAdministrator
    SophosDomainAdministrator
    SophosDomainPowerUser
    SophosUser

    I'm not sure what this account was for: SophosRemote as it's not a 'recommended' name or auto-created one.  If it's the equivalent of the SophosManagement user as mentioned here: https://community.sophos.com/kb/en-us/113954 it can be removed.

    The SophosSAU* accounts are used by AutoUpdate.  The latest version of Sophos AutoUpdate (XG) (Central only) no longer creates this local account as it's all HTTP updating.


    It's referenced in the following registry key if it's in use:

    • [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service]
      "Download User" = "SophosUpdate”        (String value)
    • [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\AutoUpdate\Service]
      "Download User" = "SophosUpdate”        (String value)

    Regards,

    Jak

Reply
  • 0

    Can be removed:

    Sophos DB Admins 
    Sophos DB Users 
    Sophos EC Users
    Sophos Full Administrators
    SophosUpdateMgr  (by default this is the account used by the clients in their updating policy to fetch updates from the server, if no clients are updating from the old management server it can be removed)

    Keep:

    SophosAdministrator
    SophosDomainAdministrator
    SophosDomainPowerUser
    SophosUser

    I'm not sure what this account was for: SophosRemote as it's not a 'recommended' name or auto-created one.  If it's the equivalent of the SophosManagement user as mentioned here: https://community.sophos.com/kb/en-us/113954 it can be removed.

    The SophosSAU* accounts are used by AutoUpdate.  The latest version of Sophos AutoUpdate (XG) (Central only) no longer creates this local account as it's all HTTP updating.


    It's referenced in the following registry key if it's in use:

    • [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service]
      "Download User" = "SophosUpdate”        (String value)
    • [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\AutoUpdate\Service]
      "Download User" = "SophosUpdate”        (String value)

    Regards,

    Jak

Children
No Data
Unfiltered HTML