
Auto deploy endpoints from Sophos Enterprise Console

Hi, I use the Sophos Enterprise Console and have an issue. I currently have AD syncing up with it, but some computers are marked gray and don't have Sophos on them (I have just noticed this by manually looking on one of the laptops we have connected to AD). How do I make it so endpoints auto deploy to the computers if they don't have an endpoint on them?

Is there a button at all that I can press to make this happen or should it be doing it automatically? 

Hope you can help. Thanks.



This thread was automatically locked due to age.
  • Hello BigSteve,

    when you set up AD Sync you have the Automatically deploy option. Please note that this has some restrictions, particularly it doesn't re-try protection after it has failed.
    Otherwise, did you try right-click Protect Computers?

    Christian

  • Hi!

    Yes, it's selected in sync properties that it deploys automatically, and I have tried the manual approach of right-clicking and selecting protect computer. It showed the hourglass symbol and then just disappeared.

    Thanks.

    Bigsteve :)

  • Hello Bigsteve,

    the Protecting Computers chapter in the Console Help refers to the relevant docs and articles. Apparently something's missing in the endpoint configuration. There's also an article on how Protect works or is supposed to work.

    Christian

  • Hello,

    Sorry for the late reply, I've actually been away.

    I have actually followed this and it still does not work. I have Windows Firewall disabled so I don't see how that could be blocking it :/

  • Hello BigSteve,

    not necessarily the firewall. I assume the Started Task is created but fails. The Task Scheduler logs should record this.
    One possible cause is the Do not allow storage of passwords and credentials for network authentication security setting.

    Christian

  • Hi Christian,

    Thank you for getting back. Where would I find this to check?

    Many thanks

  • Hello BigSteve,

    the setting is in Local Security Policy, Local Policies → Security Options: Network access: Do not allow storage of passwords and credentials for network authentication. By default Disabled; AFAIK if it's Enabled the started task fails because the credentials for accessing the CID aren't stored with the task.

    You should find the install task and its history under Computer Management → System Tools → Task Scheduler → Task Scheduler Library. If necessary, from the Actions pane, Enable All Tasks History.

    Christian

  • Hi Christian,

    It seems that in the local policy it is disabled like it should be :/ and I cannot locate the install task or the history of it on either my PC I'm downloading to or the server.

    Thank you.

  • Hello BigSteve,

    if you right-click Protect Computers (using the same credentials as for AD sync) you get the hourglass, right? But there is no error message after it has disappeared and there is no trace of the Sophos_InstTask on the endpoint (either the Task Scheduler Library or the Event Viewer, Applications and Services Logs, Microsoft, Windows, Task Scheduler)?
    Please see also this troubleshooting article.

    Christian
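
Added example (not part of the original thread, and not a Sophos tool): a PowerShell sketch, run elevated on the affected endpoint, that reads the security option named in the replies above and searches the Task Scheduler history for the Sophos_InstTask mentioned there. It assumes the option is stored as the `DisableDomainCreds` value under the Lsa registry key, that the `ScheduledTasks` module (Windows 8 / Server 2012 or later) is available, and a seven-day lookback chosen for illustration.

```powershell
# Added diagnostic example; run in an elevated PowerShell session on the endpoint.
$taskName = 'Sophos_InstTask'                              # task name as quoted in the thread
$logName  = 'Microsoft-Windows-TaskScheduler/Operational'  # Task Scheduler history log
$lookback = (Get-Date).AddDays(-7)                         # assumed window; adjust as needed

# 1. "Network access: Do not allow storage of passwords and credentials for
#    network authentication". Assumed mapping: DisableDomainCreds under Lsa,
#    where 1 = Enabled and 0 or missing = Disabled (the default).
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
        -Name 'DisableDomainCreds' -ErrorAction SilentlyContinue
$credStorageBlocked = ($null -ne $lsa) -and ($lsa.DisableDomainCreds -eq 1)

# 2. Task history is only recorded while the Operational log is enabled
#    (the "Enable All Tasks History" action in the Task Scheduler console).
$historyEnabled = (Get-WinEvent -ListLog $logName).IsEnabled

# 3. Is the install task currently registered on this machine?
$tasks = @(Get-ScheduledTask -ErrorAction SilentlyContinue |
           Where-Object { $_.TaskName -like "$taskName*" })

# 4. Any Task Scheduler events that mention the task within the lookback window.
$events = @(Get-WinEvent -FilterHashtable @{ LogName = $logName; StartTime = $lookback } `
              -ErrorAction SilentlyContinue |
            Where-Object { $_.Message -like "*$taskName*" })

# Summary of the four checks.
[pscustomobject]@{
    CredentialStorageBlocked = $credStorageBlocked
    TaskHistoryEnabled       = $historyEnabled
    TaskRegistered           = ($tasks.Count -gt 0)
    TaskEventCount           = $events.Count
} | Format-List

# Event detail, oldest first, so a failed start can be read in sequence.
$events | Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-Table -Wrap
```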