Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 10835 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Access rights needed to Update main location

David Do Van

Hello Community,

I'm still working on our new SEC5.5 and now it seems that we can't download Updates to the main Update location on the Server, where SEC is installed. After a bit of error digging one solution was to give "everybody" change rights to the folder. So this must be an access right problem.

 

Local rights are as follow

Domain Admins: Complete
SophosUpdateMgr: write
SophosManagement: write
Domain-Computers: read
Networkservice: special
SYSTEM: Complete

I must be missing something there. Any advice is welcome.

Greetings, David



This thread was automatically locked due to age.
  • 0

    Hello David,

    we can't download Updates to the main Update location
    hm, that's a rather flowery description, could you please rephrase it more technical [:)]?
    SUM first downloads to its Warehouse, if this succeeds the warehouse data is decoded and deployed (i.e. copied) to the share. In the Update Managers view, what are the values in the Last updated and Download status columns, if you View Update Manager Details what are the errors are listed? A more detailed description is the the SUMTrace logs - impossible to say what to look for without knowing the errors though.

    this must be an access right problem
    not necessarily.     As said, impossible to tell without knowing what fails and at which point.

    Christian

  • 0 in reply to QC

    Hello QC,

    The Main Update Location is "C:\ProgrammData\Sophos\Update Manager\Update Manager" on the SEC Server. If i give "everybody" write rights to that folder, the updates are loaded and decoded without problem. With only the said access rights it can't access the warehouse and therefore throws erros on Updates.

    Error Codes are

    80040404
    80040406
    80040401

    Also the Event Viewer on the SEC Server shows this:

    There it says "User: not applicable".

    When looking into the configuration of the update manager I saw that it isnt possible to give the Update Manager an user account for that share. Maybe this could be the cause?

  • +1 in reply to David Do Van

    Hello David,

    you can't specify credentials for the default share as it is local and accessed using the local path.

    Dunno if SEC 5.5 sets other permissions (at least on a fresh install) than the previous versions. I have Full control for SYSTEM, Administrators and NETWORK SERVICE - SophosUpdateMgr.exe runs under this account, so what are the Special rights in your case? SophosUpdateMgr and Users have Read & execute, the database user (SophosManagement) isn't listed.

    So please check the account under which SophosUpdateMgr.exe runs (probably NETWORK SERVICE), should suffice to give this user write rights.

    Christian

  • 0 in reply to QC

    Hello QC,

    thanks for this hint. Looks like the culprit was Network Service. I gave it full control and now the updates are working again.

    IMHO you are the mvp here ;)

    Cheers, David

Unfiltered HTML