This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Managing multiple OS groups within the SEC

Hi there,  we are running mac, windows and linux clients on our network and all are running sophos.

We have sets of groups for each OS type.

The windows groups are all AD synch'd so new clients automatically land in the correct group, but our linux and mac clients (which aren't in AD) tend to land in the unassigned group and need manual moving into the appropriate group.

while this is a pain, we noted yesterday that by default, new clients appear to be configured with default settings and happily scan things that are in exclusions for all of our groups, so we need to find a solution or these clients might try and scan many terabytes of our network and pollute some atime data that we use.

Is there any way, either within the SEC or at the linux/mac client end we can control what group these clients land in?

I tried pre-seeding the groups with hostnames via a file import and that seems to work sometimes, but even as we move our macs from 10.6.x to 10.7.x or 10.8.x, the SEC doesn't recognise them, even with the same hostname and MAC address and sticks them in unassigned.

I thought maybe we could set a policy for the unassigned group to have almost everything off so they won't do anything until assigned, but thats a no go.

Then I thought maybe I could edit a plist file to tell our mac clients what group they were in, but I don't think the clients know what group they are in - only the SEC seems to know this.  At least grepping for some of our group names in files on the client returned no results.

So I wondered if there was anything that I can do at the SEC end to assign based on OS.  There'd have to be exceptions, as we have dual boot linux/windows machines, and bootcamp on some macs, so whatever I choose needs to be semi-robust enough to cope with a variety of scenarios.  Also, if a machine was already in a group under our mac group tree, I wouldn't want it to get relocated to the top mac group each time.  Tricky stuff :)

any thoughts / suggestions?  Is there an API or scriptable way of managing this at the SEC end?  I'm still pretty fresh to this end of the SEC.

:34923


This thread was automatically locked due to age.