Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 0 subscribers
  • Views 11999 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Only members of SCA are allowed to run the Sophos Enterprise Console"

Remabec

Hello,

We have an issues with some users that we want them to use the console in read-only.

They get an error saying :

"Only members of the Sophos Console Administrators group are allowed to run the Sophos Enterprise Console. You must be a member of Sophos Console Administrators and have acces to DCOM on <Server name> and be on the same DCOM user group has <Server name>.

1. We made sure that de DCOM registry in key registry parameters was set to "Y" and that the users had the rights on it on bath server and remote computer.

2. We made sure that the users were member of SophosDomainAdministrator.

3. We made sure tthat the users had rights to the HKLM\SOFTWARE\WOW6432NODE\SOPHOS\EE\Management Tools on both server and remote computer.

The thing is that we don't want those users to be administrators of the console and not domain admin, only read-only on the console with their current users.

Is there any other things to try to make it work without making them Administrator of the console?

Thank you.

Richard Noel.

:57961


This thread was automatically locked due to age.
Parents
  • 0

    Hello Richard,

    we have an issue

    :smileytongue: the issue is that you don't buy into the error message :smileyhappy:. Seriously, it is admittedly not intuitive but membership of Sophos Console Administrators is required to open the console (please see item 4. under What to do). The actual rights are assigned by means of Roles and Sub-Estates (see also the topic in the Enterprise Console Help, and note the rights of the Guest role).

    member of SophosDomainAdministrator

    gives them SophosAdministrator rights on all (domain) endpoints they are permitted to log on to. Then why not give them corresponding rights in the console as well?

    Christian

    :57967
Reply
  • 0

    Hello Richard,

    we have an issue

    :smileytongue: the issue is that you don't buy into the error message :smileyhappy:. Seriously, it is admittedly not intuitive but membership of Sophos Console Administrators is required to open the console (please see item 4. under What to do). The actual rights are assigned by means of Roles and Sub-Estates (see also the topic in the Enterprise Console Help, and note the rights of the Guest role).

    member of SophosDomainAdministrator

    gives them SophosAdministrator rights on all (domain) endpoints they are permitted to log on to. Then why not give them corresponding rights in the console as well?

    Christian

    :57967
Children
No Data
Unfiltered HTML