Can Enterprise Console manage non domain computers?

Hello LY

I have rephrased the subject - you not only want to manage them (install Sophos by whatever means on the clients which then connect to the management server) but also use Protect Computers.

Yes, it can be done. The credentials necessary for protect computers are IMO the most confusing part of SEC. While error indication has improved compared to previous versions and the explanation is much better it's not intuitive. I'll try to explain.

Protect Computers does the following

• From the server an immediate task is scheduled on the client. For that to work RPC must be running (available) on the client, Firewalls must permit these connection and you have to connect with an account with sufficient rights to schedule a task on the client. Obviously you have all this but still ...
• The task is started on the client which uses calls the setup.exe (with some parameters) from the bootstrap location (CID) using (IIRC) a UNC path. Since the task runs with the credentials you specified for scheduling it this user must have permission to access the CID. The server hosting your CID must permit network access by non-domain accounts or (horrors) anonymous access, and share and NTFS permissions must allow read access.

SEC4 is - at least that's my impression - now checking the latter when you try to use Protect Computers  (previous versions did not and you got an error from the scheduled task) and if the requirements are not met the command fails immediately.

Hope this helps

Christian

(can't resist :smileywink: I checked it very thoroughly, and that quite definitely is the answer. I think the problem, to be quite honest with you, is that you've never actually known what the question is.)

Hello LY

I have rephrased the subject - you not only want to manage them (install Sophos by whatever means on the clients which then connect to the management server) but also use Protect Computers.

Yes, it can be done. The credentials necessary for protect computers are IMO the most confusing part of SEC. While error indication has improved compared to previous versions and the explanation is much better it's not intuitive. I'll try to explain.

Protect Computers does the following

• From the server an immediate task is scheduled on the client. For that to work RPC must be running (available) on the client, Firewalls must permit these connection and you have to connect with an account with sufficient rights to schedule a task on the client. Obviously you have all this but still ...
• The task is started on the client which uses calls the setup.exe (with some parameters) from the bootstrap location (CID) using (IIRC) a UNC path. Since the task runs with the credentials you specified for scheduling it this user must have permission to access the CID. The server hosting your CID must permit network access by non-domain accounts or (horrors) anonymous access, and share and NTFS permissions must allow read access.

SEC4 is - at least that's my impression - now checking the latter when you try to use Protect Computers  (previous versions did not and you got an error from the scheduled task) and if the requirements are not met the command fails immediately.

Hope this helps

Christian

(can't resist :smileywink: I checked it very thoroughly, and that quite definitely is the answer. I think the problem, to be quite honest with you, is that you've never actually known what the question is.)