Auto-Set Group for new Computers

We have Sophos 10.  Currently when a new machine is added to our Domain, it runs a script which installs the Endpoint software onto the machine.  The issue is that the new machine shows up in the 'Unassigned' group which doesn't get any policies until we move it to a different group.  Is there a way for the system to assign new machines to an existing group by default either in the console or via a script when installed?  Thanks!

:24833
  • Hi,

    You will need to use the -g switch if you are running setup.exe as per:

    http://www.sophos.com/en-us/support/knowledgebase/12570.aspx

    The way it works means you could move the machine post install if required.  For example:

    .\setup.exe [otherswitches] -g "\ServerName\Servers\2003 computers"

    Note: It is case sensitive and you have to include the server name.

    Setup.exe writes a reg key with this "path" here:

    HKLM\Software\[wow6432node]\Sophos\Remote Management System\ManagementAgent

    String value of "GroupPath", with the value in this case of "\ServerName\Servers\2003 computers".

    Then, when the Sophos Agent gets installed as part of RMS, this reg value is read by the service, and a message goes back to the management server to move the machine.  The key is removed to save the message keeping going back.

    So, you could, if it makes more sense, create the key and restart the Sophos Agent service and it would also move it.

    Hopefully you can incorporate this into your deployment scripts and that you have some logic to map the machines to a group.  Maybe you just need a couple of "bootstrap" groups in order to get a policy of some sort to the machines to make the logic easier on the client.

    Regards,

    Jak

    :24835
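
The registry approach described in the reply above, as an added PowerShell example that is not part of the original thread and is not Sophos code. The name-prefix map, the `Bootstrap` group paths, and locating the service by the display name "Sophos Agent" are assumptions.

```powershell
# Added example: pre-seed the GroupPath value described in the reply, then
# restart the agent so it asks the management server to move the machine.
# Run elevated, after the endpoint software (RMS) has been installed.

# Assumption: hypothetical mapping from computer-name prefix to console group.
# Paths are case sensitive and must start with the management server name.
$GroupMap = [ordered]@{
    'SRV' = '\ServerName\Servers\2003 computers'
    'LAB' = '\ServerName\Bootstrap\Lab'
}
$DefaultGroup = '\ServerName\Bootstrap\Workstations'   # hypothetical fallback

function Get-TargetGroup([string]$ComputerName) {
    foreach ($prefix in $GroupMap.Keys) {
        if ($ComputerName.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            return $GroupMap[$prefix]
        }
    }
    return $DefaultGroup
}

# The key sits under Wow6432Node on 64-bit Windows, per the path in the reply.
$base = if ([Environment]::Is64BitOperatingSystem) {
    'HKLM:\SOFTWARE\Wow6432Node'
} else {
    'HKLM:\SOFTWARE'
}
$agentKey = Join-Path $base 'Sophos\Remote Management System\ManagementAgent'
if (-not (Test-Path $agentKey)) {
    throw "ManagementAgent key not found at $agentKey; is RMS installed?"
}

$group = Get-TargetGroup $env:COMPUTERNAME
# Refuse anything that is not \Server\Group[\Subgroup...] before writing it.
if ($group -notmatch '^\\[^\\]+(\\[^\\]+)+$') {
    throw "Refusing malformed group path: $group"
}
New-ItemProperty -Path $agentKey -Name 'GroupPath' -Value $group `
    -PropertyType String -Force | Out-Null

# Assumption: the service's display name is 'Sophos Agent', as the reply calls it.
Get-Service -DisplayName 'Sophos Agent' -ErrorAction Stop | Restart-Service -Force

# Per the reply, the agent deletes GroupPath once the move request is sent,
# so an absent value afterwards means it was consumed, not that the write failed.
Write-Output "Requested move of $env:COMPUTERNAME to $group"
```

Machines that stay in 'Unassigned' receive no policies, so check in the console that the move actually happened.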
  • Thanks!   The -g command was exactly what I needed!

    :24839
    jak wrote Wed 16-May-2012 20:54 - edited Wed 16-May-2012 20:59
    > Setup.exe writes a reg key with this "path" here:
    > HKLM\Software\[wow6432node]\Sophos\Remote Management System\ManagementAgent
    > String value of "GroupPath", with the value in this case of "\ServerName\Servers\2003 computers".

    Are you really sure? On "Endpoint Security and Control 10.3" I am missing the GroupPath entry. For me it was important to get the group information on the client side to detect if the client system is moved in the AD. Bug or feature in this version?

    Bye

    MB@BBN

    :49514